From owner-cvs-all Tue Nov 14 9:49: 0 2000 Delivered-To: cvs-all@freebsd.org Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 6C48B37B4CF; Tue, 14 Nov 2000 09:48:45 -0800 (PST) Received: from hak.lan.Awfulhak.org (hak.nat.Awfulhak.org [172.31.0.12]) by storm.FreeBSD.org.uk (8.11.1/8.11.1) with ESMTP id eAEHmPK29244; Tue, 14 Nov 2000 17:48:31 GMT (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.1/8.11.1) with ESMTP id eAEHX6Y01932; Tue, 14 Nov 2000 17:33:06 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200011141733.eAEHX6Y01932@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Brian Feldman Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org, kris@FreeBSD.org Subject: Re: cvs commit: src/etc/defaults make.conf src/secure/usr.bin/ssh Makefile In-Reply-To: Message from Brian Feldman of "Mon, 13 Nov 2000 20:42:25 PST." <200011140442.UAA44924@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 14 Nov 2000 17:33:05 +0000 From: Brian Somers Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > green 2000/11/13 20:42:25 PST > > Modified files: > etc/defaults make.conf > secure/usr.bin/ssh Makefile > Log: > Disable /usr/bin/ssh being setuid root by default. Let the variable > ENABLE_SUID_SSH being defined reenable it for those that want it. > > This follows discussion favoring the change from September. It > is not usually necessary to be setuid root, possibly less safe, > and less convenient (cannot use $HOSTALIASES, for example). > > Submitted by: jedgar > > Revision Changes Path > 1.132 +4 -1 src/etc/defaults/make.conf > 1.11 +3 -1 src/secure/usr.bin/ssh/Makefile Is this documented ? I only ask because I sent kris a patch for this nearly two months ago. I would have committed it myself except that he explicitly asked me to pass the change by him. I quote my mail for your viewing pleasure: : Return-Path: brian@hak.lan.Awfulhak.org : Delivery-Date: Sat Sep 16 02:44:14 2000 : Return-Path: : Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) : by hak.lan.Awfulhak.org (8.11.0/8.11.0) with ESMTP id e8G1iDn01594; : Sat, 16 Sep 2000 02:44:13 +0100 (BST) : (envelope-from brian@hak.lan.Awfulhak.org) : Message-Id: <200009160144.e8G1iDn01594@hak.lan.Awfulhak.org> : X-Mailer: exmh version 2.1.1 10/15/1999 : To: Kris Kennaway : cc: Brian Somers : Subject: Re: setuid ssh should die : Mime-Version: 1.0 : Content-Type: text/plain; charset=us-ascii : Date: Sat, 16 Sep 2000 02:44:12 +0100 : From: Brian Somers : : Hi, remember this ? :-) : : > I have no problems making ssh non-suid by default since most people dont : > use RhostsRSAAuthentication. : > : > Since I have ssh changes in the works please send me the patches and I'll : > apply them after the upgrade. Please add information to the manpage on how : > to fix it, and a helpful error telling them what to do when the user tries : > to use it. : : How about this patch ? : : Cheers. : -- : Brian : : Don't _EVER_ lose your sense of humour ! : : Index: crypto/openssh/ssh.1 : =================================================================== : RCS file: /home/ncvs/src/crypto/openssh/ssh.1,v : retrieving revision 1.15 : diff -u -r1.15 ssh.1 : --- crypto/openssh/ssh.1 2000/09/10 09:35:38 1.15 : +++ crypto/openssh/ssh.1 2000/09/16 01:41:59 : @@ -465,6 +465,11 @@ : .Cm RhostsAuthentication : and : .Cm RhostsRSAAuthentication . : +.Pp : +If : +.Nm : +is not installed as a setuid binary, this option is enforced for non-root : +users. : .It Fl q : Quiet mode. : Causes all warning and diagnostic messages to be suppressed. : @@ -882,6 +887,23 @@ : .Dq yes : or : .Dq no . : +.Pp : +If : +.Nm : +is not installed as a setuid binary, this option is disabled for non-root : +users. : +.Nm : +can be made setuid by either running : +.Pp : +.Dl chown root /usr/bin/ssh : +.Dl chmod 4555 /usr/bin/ssh : +.Pp : +or if you wish to do a source installation, setting : +.Dv ENABLE_SUIDSSH : +to : +.Dq true : +in : +.Pa /etc/make.conf . : .It Cm RSAAuthentication : Specifies whether to try RSA authentication. : The argument to this keyword must be : @@ -892,6 +914,13 @@ : attempted if the identity file exists, or an authentication agent is : running. : Note that this option applies to protocol version 1 only. : +.Pp : +If : +.Nm : +is not installed as a setuid binary, this option is disabled for non-root : +users (see : +.Cm RhostsRSAAuthentication : +above). : .It Cm SkeyAuthentication : Specifies whether to use : .Xr skey 1 : Index: crypto/openssh/ssh_config : =================================================================== : RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v : retrieving revision 1.6 : diff -u -r1.6 ssh_config : --- crypto/openssh/ssh_config 2000/09/10 09:35:38 1.6 : +++ crypto/openssh/ssh_config 2000/09/16 01:22:21 : @@ -17,8 +17,8 @@ : # Host * : # ForwardAgent yes : # ForwardX11 yes : -# RhostsAuthentication yes : -# RhostsRSAAuthentication yes : +# RhostsAuthentication yes # Unless ENABLE_SUIDSSH=true in /etc/make.conf : +# RhostsRSAAuthentication yes # (the default), these two options are disabled. : # RSAAuthentication yes : # PasswordAuthentication yes : # FallBackToRsh no : Index: secure/usr.bin/ssh/Makefile : =================================================================== : RCS file: /home/ncvs/src/secure/usr.bin/ssh/Makefile,v : retrieving revision 1.10 : diff -u -r1.10 Makefile : --- secure/usr.bin/ssh/Makefile 2000/09/10 09:43:29 1.10 : +++ secure/usr.bin/ssh/Makefile 2000/09/15 21:02:09 : @@ -4,8 +4,12 @@ : SSHSRC= ${.CURDIR}/../../../crypto/openssh : : PROG= ssh : +.if defined(ENABLE_SUIDSSH) && \ : + ((${ENABLE_SUIDSSH} == "yes") || (${ENABLE_SUIDSSH} == "YES") || \ : + (${ENABLE_SUIDSSH} == "true") || (${ENABLE_SUIDSSH} == "TRUE")) : BINOWN= root : BINMODE=4555 : +.endif : MAN1= ssh.1 : LINKS= ${BINDIR}/ssh ${BINDIR}/slogin : MLINKS= ssh.1 slogin.1 : Index: etc/defaults/make.conf : =================================================================== : RCS file: /home/ncvs/src/etc/defaults/make.conf,v : retrieving revision 1.121 : diff -u -r1.121 make.conf : --- etc/defaults/make.conf 2000/09/10 00:09:34 1.121 : +++ etc/defaults/make.conf 2000/09/15 07:15:46 : @@ -46,6 +46,9 @@ : # To enable building enstalling suidperl with the setuid bit turned on : #ENABLE_SUIDPERL= true : # : +# To install ssh setuid-root (thus allowing FallBackToRsh to work) : +#ENABLE_SUIDSSH= true : +# : # To build perl with thread support : #PERL_THREADED= true : # : : -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message