Date:      Sat, 02 Sep 2000 23:57:20 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        Kris Kennaway <kris@FreeBSD.org>, "Jacques A. Vidrine" <n@nectar.com>, Neil Blakey-Milner <nbm@mithrandr.moria.org>, Poul-Henning Kamp <phk@critter.freebsd.dk>, Dan Nelson <dnelson@emsphone.com>, sthaug@nethelp.no, ume@FreeBSD.org, arch@FreeBSD.org, freebsd-arch@FreeBSD.org, brian@Awfulhak.org
Subject:   Re: setuid ssh should die 
Message-ID:  <200009022257.e82MvK775931@hak.lan.Awfulhak.org>
In-Reply-To: Message from Brian Somers <brian@Awfulhak.org>  of "Sat, 02 Sep 2000 23:39:47 BST." <200009022239.e82Mdl775769@hak.lan.Awfulhak.org> 

> > On Sat, 2 Sep 2000, Brian Somers wrote:
> > 
> > > What do people reckon then (-arch cc'd) ?  I'll add
> > > 
> > > #ENABLE_SUIDSSH=	true
> > > 
> > > to etc/defaults/make.conf then mention it in ssh_config and make the 
> > > adjustment to the ssh build so that it defaults to *not* being suid.
> > 
> > I have no problems making ssh non-suid by default since most people don't
> > use RhostsRSAAuthentication.
> > 
> > Since I have ssh changes in the works please send me the patches and I'll
> > apply them after the upgrade. Please add information to the manpage on how
> > to fix it, and a helpful error telling them what to do when the user tries
> > to use it.
> 
> That's no problem, except for the ``helpful error'' bit.  I don't 
> think ssh should attempt to interpret the failure to bind a socket.  
> The perror() should be sufficient in my book.

Wait... I'm missing something here.  It seems that ssh will exec rsh 
when FallBackToRsh is enabled.  It therefore doesn't need root for 
anything I know of.

Can anybody enlighten me ?
-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



