Date: Sat, 2 Sep 2000 22:04:41 +0100
From: Ben Smithurst <ben@FreeBSD.org>
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: Dan Nelson <dnelson@emsphone.com>, sthaug@nethelp.no, phk@critter.freebsd.dk, ume@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: setuid ssh should die (Re: Request for review: nsswitch)
Message-ID: <20000902220441.O72445@strontium.scientia.demon.co.uk>
In-Reply-To: <20000902150221.A1263@hamlet.nectar.com>
References: <41582.967924374@critter> <62717.967924513@verdi.nethelp.no> <20000902145822.B28852@dan.emsphone.com> <20000902150221.A1263@hamlet.nectar.com>

Jacques A. Vidrine wrote:

> On Sat, Sep 02, 2000 at 02:58:22PM -0500, Dan Nelson wrote:
>> Rather, it's so it can read the host key, which is only readable by
>> root.
>
> We're talking about ssh, not sshd.

Yes, ssh needs to read the host key for RhostsRSA authentication to
work. If you don't use RhostsRSA, it doesn't need to be setuid. At
least, that's my understanding, which may be wrong.

Time for a SSH_SETUID knob in make.conf perhaps.

--
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000902220441.O72445>
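
The reasoning in the message above (the client only needs setuid when RhostsRSA is used), written as an audit check. This is an added example, not code from the thread or from FreeBSD; the function names are hypothetical, and it assumes an ssh_config-style file using the RhostsRSAAuthentication keyword.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# is_setuid FILE: true when FILE carries the setuid mode bit.
is_setuid() {
    [ -u "$1" ]
}

# rhostsrsa_enabled CONFIG: true when any uncommented line in an
# ssh_config-style file sets RhostsRSAAuthentication to "yes".
# Simplifications (assumptions of this example): Host scoping is ignored,
# so a "yes" anywhere counts as in use, and a file that never mentions
# the keyword counts as not using it, whatever the build's default is.
rhostsrsa_enabled() {
    [ -r "$1" ] || return 1
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, allow "key = value"
        tolower($1) == "rhostsrsaauthentication" && tolower($2) == "yes" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# classify_ssh BINARY CONFIG: prints one verdict word.
classify_ssh() {
    if ! is_setuid "$1"; then
        echo "not-setuid"          # nothing to remove
    elif rhostsrsa_enabled "$2"; then
        echo "setuid-in-use"       # RhostsRSA configured; the bit is doing work
    else
        echo "setuid-unneeded"     # candidate for chmod u-s, per the message
    fi
}

# Stand-alone use (example paths): sh check.sh /usr/bin/ssh /etc/ssh/ssh_config
if [ "$#" -eq 2 ]; then
    classify_ssh "$1" "$2"
fi
```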