Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Jul 1998 11:48:24 +0100 (BST)
From:      Jay Tribick <netadmin@fastnet.co.uk>
To:        ark@eltex.ru
Cc:        ben@efn.org, security@FreeBSD.ORG
Subject:   Re: Ssh vsprintf (was the lame whoose-language is better war)
Message-ID:  <Pine.BSF.3.96.980721114309.5652l-100000@bofh.fast.net.uk>
In-Reply-To: <199807211438.OAA16327@paranoid.eltex.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 


| > | > I haven't had chance to look at the ssh code but why would it
| > | > need to use vsprintf?? And also, why is it installed suid root?
| > | 
| > | This package installs two programs that need special privileges.  Ssh
| > | is the client program, and it is by default installed as suid root,
| > | because it needs to create a privileged port in order to use .rhosts
| > | files for authentication.  If it is not installed as suid root, it will
| > | still be usable, but .rhosts authentication will not be available.  Also, the
| > | private host key file is readable by root only.
| > 
| > Hmm.. Just OOI why would it need to be suid root to read the .rhosts
| > file? Surely there's a better solution, maybe installing it sgid
| > within it's own group?
| 
| AFAIR it is _client_ that needs root to initiate connection from a
| privileged port. Mandatory for .rhosts authentication.

Yeh your right..

bash-2.00# whereis rlogin
rlogin: /usr/bin/rlogin /usr/share/man/man1/rlogin.1.gz
/usr/src/usr.bin/rlogin
bash-2.00# cd /usr/bin
bash-2.00# chmod 755 rlogin
bash-2.00# su kronus
su-2.00$ rlogin kaos.fast.net.uk
rlogin: remote host doesn't support Kerberos: Connection refused
rcmd: socket: Permission denied
su-2.00$ 

|                                      _ _ _ _ _ _ _
|  {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
|  (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
|  [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

Oh my god :) A FidoNet address? That still exists? <grin>

Regards,

Jay Tribick

[| Network Administrator | FastNet International | http://fast.net.uk/ |]
[|        Finger netadmin@fastnet.co.uk for contact information        |]
[| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980721114309.5652l-100000>