From: ark@eltex.ru
Date: Tue, 21 Jul 1998 14:38:15 GMT
Message-Id: <199807211438.OAA16327@paranoid.eltex.spb.ru>
In-Reply-To: from "Jay Tribick "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Ssh vsprintf (was the lame whoose-language is better war)
To: netadmin@fastnet.co.uk
Cc: ben@efn.org, security@FreeBSD.ORG

nuqneH,

Jay Tribick said :
>
> | > I haven't had chance to look at the ssh code but why would it
> | > need to use vsprintf?? And also, why is it installed suid root?
> |
> | This package installs two programs that need special privileges. Ssh
> | is the client program, and it is by default installed as suid root,
> | because it needs to create a privileged port in order to use .rhosts
> | files for authentication. If it is not installed as suid root, it will
> | still be usable, but .rhosts authentication will not be available. Also, the
> | private host key file is readable by root only.
>
> Hmm.. Just OOI why would it need to be suid root to read the .rhosts
> file? Surely there's a better solution, maybe installing it sgid
> within its own group?

AFAIR it is _client_ that needs root to initiate connection from a privileged
port. Mandatory for .rhosts authentication.

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!
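
The privileged-port requirement discussed in this message, as an added C example that is not part of the original post and is not code from ssh: the client binds a reserved source port while it still has root and then gives root up for good, and the server side only considers .rhosts-style trust when the peer's source port is reserved. The function names are hypothetical, and the 512-1023 range is the traditional r-command convention, assumed here rather than taken from the thread.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Server side: rhosts-style trust is only considered when the peer's
 * source port is reserved (assumed range: 512..1023). */
int port_is_trusted(int port) {
    return port >= IPPORT_RESERVED / 2 && port < IPPORT_RESERVED;
}

/* Client side: bind fd to a free reserved port, scanning downward.
 * Returns the port, or -1 (errno is EACCES when run without root). */
int bind_reserved_port(int fd) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int port = IPPORT_RESERVED - 1; port >= IPPORT_RESERVED / 2; port--) {
        sa.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return port;
        if (errno != EADDRINUSE)
            return -1;          /* not privileged (or bad fd): give up */
    }
    return -1;                  /* every reserved port was in use */
}

/* Drop root permanently right after the bind. In a setuid-root binary,
 * setuid(getuid()) resets the real, effective and saved uid. */
int drop_privileges(void) {
    uid_t uid = getuid();
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root was regained */
    return 0;
}

int main(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int port = bind_reserved_port(fd);
    int err = errno;            /* keep bind's errno across the drop */
    if (drop_privileges() != 0) return 1;
    if (port < 0)
        printf("no reserved port (%s): .rhosts auth unavailable\n", strerror(err));
    else
        printf("bound port %d, trusted=%d\n", port, port_is_trusted(port));
    return 0;
}
```

Run without root, the bind fails and the program reports that .rhosts authentication is unavailable, which is the behaviour the quoted README describes for a client that is not installed suid root.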