From owner-freebsd-security  Tue Jul 21 06:05:50 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA15504
          for freebsd-security-outgoing; Tue, 21 Jul 1998 06:05:50 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hosting.doublesquare.com (hosting.doublesquare.com [195.5.128.151])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA15490
          for <security@FreeBSD.ORG>; Tue, 21 Jul 1998 06:05:30 -0700 (PDT)
          (envelope-from ark@eltex.ru)
From: ark@eltex.ru
Received: from eltex.ru (eltax-spiiras.nw.ru [195.19.204.46] (may be forged))
	by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id RAA14419;
	Tue, 21 Jul 1998 17:27:12 +0400 (MSD)
	(envelope-from ark@eltex.ru)
Received: from paranoid.eltex.spb.ru (border.eltex.ru [195.19.198.2])
	by eltex.ru (8.8.8/8.8.8) with ESMTP id RAA03411;
	Tue, 21 Jul 1998 17:04:41 +0400 (MSD)
	(envelope-from ark@eltex.ru)
Received: (from ark@localhost) by paranoid.eltex.spb.ru (8.8.8/8.7.3) id RAA16737; Tue, 21 Jul 1998 17:03:32 GMT
Date: Tue, 21 Jul 1998 17:03:32 GMT
Message-Id: <199807211703.RAA16737@paranoid.eltex.spb.ru>
In-Reply-To: <14723.901021972@verdi.nethelp.no> from "sthaug@nethelp.no"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Ssh vsprintf (was the lame whoose-language is better war)
To: sthaug@nethelp.no
Cc: netadmin@fastnet.co.uk, security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

sthaug@nethelp.no said :

> > | AFAIR it is _client_ that needs root to initiate connection from a
> > | privileged port. Mandatory for .rhosts authentication.
> > 
> > Yeh your right..
> 
> But most of the time when you use SSH you don't *need* .rhosts type
> "authentication" - because you're using RSA authentication or password
> over an encrypted channel.
> 
> If you don't need .rhosts "authentication", it's a good idea to turn
> off setuid root for the ssh client.

afair RSArhosts needs privileged port as well.. 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbTJ4qH/mIJW9LeBAQH9sgP5ASi2tYY0Qbp2GUxl3MMLE1/MgBIjti0d
/ypgW0eVAbp0K5Nr0ZAVdZKzP4QNxq9IIxBDJDoa1YRd3hvdfEUUyZuyl4JWdNcE
aE2xuyJR63O0SPFWFLaqRzcs7ZSy9qcPz9qsf+fzUMLwaNjUpRS1avOC5sOjdt3F
1Vv5OM5iOOg=
=cF4h
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message