Date: Tue, 21 Jul 1998 14:38:15 GMT From: ark@eltex.ru To: netadmin@fastnet.co.uk Cc: ben@efn.org, security@FreeBSD.ORG Subject: Re: Ssh vsprintf (was the lame whoose-language is better war) Message-ID: <199807211438.OAA16327@paranoid.eltex.spb.ru> In-Reply-To: <Pine.BSF.3.96.980721104018.5652S-100000@bofh.fast.net.uk> from "Jay Tribick <netadmin@fastnet.co.uk>"
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, Jay Tribick <netadmin@fastnet.co.uk> said : > > | > I haven't had chance to look at the ssh code but why would it > | > need to use vsprintf?? And also, why is it installed suid root? > | > | This package installs two programs that need special privileges. Ssh > | is the client program, and it is by default installed as suid root, > | because it needs to create a privileged port in order to use .rhosts > | files for authentication. If it is not installed as suid root, it will > | still be usable, but .rhosts authentication will not be available. Also, the > | private host key file is readable by root only. > > Hmm.. Just OOI why would it need to be suid root to read the .rhosts > file? Surely there's a better solution, maybe installing it sgid > within it's own group? AFAIR it is _client_ that needs root to initiate connection from a privileged port. Mandatory for .rhosts authentication. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNbSn1qH/mIJW9LeBAQFj/gP+IT/WSU054BY1h0xVdywwFKQG7dhXY5tF XOVQEyjwebGfhT6GelnVZoQINkTS/riutQEAZxQea/pM/0gcQVfDHQK0YFffhbaa qPtFvnK1aR4gZddC9RyAdNRfKzwiuZ49txtCx6h4ulUXkxw33iBn3svkmZsH/uE5 zuXkjUJYWRU= =Njv2 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807211438.OAA16327>