From owner-freebsd-security  Sun Nov  1 22:47:33 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA20131
          for freebsd-security-outgoing; Sun, 1 Nov 1998 22:47:33 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA20124
          for <freebsd-security@FreeBSD.ORG>; Sun, 1 Nov 1998 22:47:30 -0800 (PST)
          (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
	by burka.rdy.com (8.8.8/RDY&DVV) id WAA25893;
	Sun, 1 Nov 1998 22:47:21 -0800 (PST)
Message-Id: <199811020647.WAA25893@burka.rdy.com>
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
In-Reply-To: <19981101213817.A11911@best.com> from "Jan B. Koum " at "Nov 1, 1998  9:38:17 pm"
To: jkb@best.com (Jan B. Koum )
Date: Sun, 1 Nov 1998 22:47:20 -0800 (PST)
Cc: dima@best.net, peter.jeremy@auss2.alcatel.com.au,
        freebsd-security@FreeBSD.ORG, winter@jurai.net
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL45 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jan B. Koum  writes:
> On Sun, Nov 01, 1998 at 09:13:36PM -0800, Dima Ruban <dima@best.net> wrote:
> > Jan B. Koum  writes:
> > > 	Which is why when you install ssh, you can run ./configure with 
> > > 	"--disable-suid-ssh" argument.
> > 
> > Which will introduce tonns of other problems.
> 
> 	Such as?
> 
> 	I have been using ssh this way for about a year and haven't
> 	seen any. Then again - I am not doing anything fancy with ssh.
> 	And no, I don't need to have ssh installed suid just to get
> 	.rhost type authentication.

Let me ask you this. Would you trust a packet that came from non-priviledged
port and which wants to do something that even remotely should be secure?

> 
> -- Yan
> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message