From owner-freebsd-security  Wed Feb 21 14:34: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10])
	by hub.freebsd.org (Postfix) with ESMTP id F14E637B401
	for <security@FreeBSD.ORG>; Wed, 21 Feb 2001 14:33:56 -0800 (PST)
	(envelope-from fpscha@ns1.via-net-works.net.ar)
Received: (from fpscha@localhost)
	by ns1.via-net-works.net.ar (8.9.3/8.9.3) id TAA80210;
	Wed, 21 Feb 2001 19:36:12 -0300 (ART)
From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar>
Message-Id: <200102212236.TAA80210@ns1.via-net-works.net.ar>
Subject: Re: Inconsistent behavior on openssh
In-Reply-To: <20010220112654.A35156@mollari.cthul.hu> "from Kris Kennaway at
 Feb 20, 2001 11:26:55 am"
To: Kris Kennaway <kris@obsecurity.org>
Date: Wed, 21 Feb 2001 19:36:12 -0300 (ART)
Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>,
	security@FreeBSD.ORG
Reply-To: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

En un mensaje anterior, Kris Kennaway escribió:
-- Start of PGP signed section.
> On Tue, Feb 20, 2001 at 09:15:59AM -0300, Fernando Schapachnik wrote:
> > En un mensaje anterior, Kris Kennaway escribió:
> > > >     Simply install your ~/.ssh/identity.pub in your remote account's
> > > >     ~/.ssh/authorized_keys file.  That's why I use.  I've never in my
> > > >     life used .rhosts or .shosts with ssh.
> > > 
> > > Or if you really want to use RhostsRSAAuthentication, rebuild sshd
> > > with ENABLE_SUID_SSH=true in /etc/make.conf
> > 
> > I don't think it will sufice:
> > 
> > ssh.c:
> > /* Disable rhosts authentication if not running as root. */
> > if (original_effective_uid != 0 ||!options.use_privileged_port) {
> >              options.rhosts_authentication = 0;
> >              options.rhosts_rsa_authentication = 0; 
> > 
> > 
> > It's not #ifdef'd.
> 
> Erm - if it's setuid root (controlled by the makefile when it's
> installed), the original_effective_uid == 0.

Then you were right. Should have looked better :). Thanks!



Fernando P. Schapachnik
Administración de la red
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message