From owner-freebsd-arch Sat Sep 2 15:18:30 2000 Delivered-To: freebsd-arch@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6DE9037B422; Sat, 2 Sep 2000 15:18:28 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA84793; Sat, 2 Sep 2000 15:18:28 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sat, 2 Sep 2000 15:18:27 -0700 (PDT) From: Kris Kennaway To: Brian Somers Cc: "Jacques A. Vidrine" , Neil Blakey-Milner , Poul-Henning Kamp , Dan Nelson , sthaug@nethelp.no, ume@FreeBSD.org, arch@FreeBSD.org, freebsd-arch@FreeBSD.org Subject: Re: setuid ssh should die In-Reply-To: <200009022121.e82LLV771512@hak.lan.Awfulhak.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 2 Sep 2000, Brian Somers wrote: > What do people reckon then (-arch cc'd) ? I'll add > > #ENABLE_SUIDSSH= true > > to etc/defaults/make.conf then mention it in ssh_config and make the > adjustment to the ssh build so that it defaults to *not* being suid. I have no problems making ssh non-suid by default since most people dont use RhostsRSAAuthentication. Since I have ssh changes in the works please send me the patches and I'll apply them after the upgrade. Please add information to the manpage on how to fix it, and a helpful error telling them what to do when the user tries to use it. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message