Date:      Tue, 21 Jul 1998 14:38:15 GMT
From:      ark@eltex.ru
To:        netadmin@fastnet.co.uk
Cc:        ben@efn.org, security@FreeBSD.ORG
Subject:   Re: Ssh vsprintf (was the lame whoose-language is better war)
Message-ID:  <199807211438.OAA16327@paranoid.eltex.spb.ru>
In-Reply-To: <Pine.BSF.3.96.980721104018.5652S-100000@bofh.fast.net.uk> from "Jay Tribick <netadmin@fastnet.co.uk>"


nuqneH,

Jay Tribick <netadmin@fastnet.co.uk> said :

> 
> | > I haven't had chance to look at the ssh code but why would it
> | > need to use vsprintf?? And also, why is it installed suid root?
> | 
> | This package installs two programs that need special privileges.  Ssh
> | is the client program, and it is by default installed as suid root,
> | because it needs to create a privileged port in order to use .rhosts
> | files for authentication.  If it is not installed as suid root, it will
> | still be usable, but .rhosts authentication will not be available.  Also, the
> | private host key file is readable by root only.
> 
> Hmm.. Just OOI why would it need to be suid root to read the .rhosts
> file? Surely there's a better solution, maybe installing it sgid
> within its own group?

AFAIR it is the _client_ that needs root to initiate a connection from a
privileged port. Mandatory for .rhosts authentication.

                                    _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

