From owner-cvs-ports Sat Aug 10 03:40:15 1996
Return-Path: owner-cvs-ports
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA03237 for cvs-ports-outgoing; Sat, 10 Aug 1996 03:40:15 -0700 (PDT)
Received: (from peter@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA03169; Sat, 10 Aug 1996 03:40:00 -0700 (PDT)
Date: Sat, 10 Aug 1996 03:40:00 -0700 (PDT)
From: Peter Wemm
Message-Id: <199608101040.DAA03169@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-ports
Subject: cvs commit: ports/security/ssh/patches patch-ak
Sender: owner-cvs-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

peter 96/08/10 03:39:59

Added: security/ssh/patches patch-ak

Log:
Add the posted patch from the ssh@clinet.fi mailing list that fixes the permissions checking on "public" directories. There is little to prevent a user creating an authorized_keys file in another user's home dir (eg: uucp) and gain access to the account. SSH's problem is that the StrictModes checking is not enforced for RSA logins, just rhosts-style logins. :-(
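
Added example, not part of the commit or of SSH's source: a Python audit that applies a StrictModes-style check to an account's home directory and every path component down to its RSA key file, so a "public" home directory is reported even when no key file exists yet. The rule (owner must be the user or root, no group/other write bit), the `.ssh/authorized_keys` location, and the function names are assumptions of this example; the demo tree is constructed.

```python
import os
import stat
import tempfile

KEY_FILE = ".ssh/authorized_keys"  # assumed location of the RSA key file


def strict_modes_problems(home, uid, rel_path=KEY_FILE):
    """Check `home` and every component down to the key file.

    Assumed rule: each must be owned by `uid` or root and must not be
    writable by group or others. Returns a list of (path, reason).
    """
    problems = []
    path = home
    for part in [None] + rel_path.split("/"):
        if part is not None:
            path = os.path.join(path, part)
        try:
            st = os.stat(path)
        except FileNotFoundError:
            break  # component missing; everything above it was already checked
        if st.st_uid not in (0, uid):
            problems.append((path, "owner uid %d is neither the user nor root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group or others (mode %o)" % stat.S_IMODE(st.st_mode)))
    return problems


def build_demo_home(world_writable_home, with_keys=True):
    """Create a constructed home directory tree for the demonstration."""
    home = tempfile.mkdtemp(prefix="strictmodes-demo-")
    if with_keys:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        keyfile = os.path.join(ssh_dir, "authorized_keys")
        with open(keyfile, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(keyfile, 0o600)
    os.chmod(home, 0o777 if world_writable_home else 0o755)
    return home


if __name__ == "__main__":
    for public in (False, True):
        home = build_demo_home(public, with_keys=not public)
        print(home, strict_modes_problems(home, os.getuid()) or "ok")
```

An RSA login path that runs this kind of check before reading the key file refuses keys found under a directory other users can write to, which is the case the commit message describes.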