Date: Sat, 10 Aug 1996 03:40:00 -0700 (PDT) From: Peter Wemm <peter> To: CVS-committers, cvs-all, cvs-ports Subject: cvs commit: ports/security/ssh/patches patch-ak Message-ID: <199608101040.DAA03169@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
peter 96/08/10 03:39:59 Added: security/ssh/patches patch-ak Log: Add the posted patch from the ssh@clinet.fi mailing list that fixes the permissions checking on "public" directories. There is little to prevent a user creating an authorized_keys file in another user's home dir (eg: uucp) and gain access to the account. SSH's problem is that the StrictModes checking is not enforced for RSA logins, just rhosts-style logins. :-(
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608101040.DAA03169>