Date: Thu, 3 Aug 2000 02:57:40 -0400 From: Karsten Patzwaldt <karsten@berlin.sfai.edu> To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@freebsd.org Subject: Re: What will I lose if ssh is no more suid root? Message-ID: <20000803025740.A7484@berlin.sfai.edu> In-Reply-To: <20000803074228.A1682@curry.mchp.siemens.de>; from andre.albsmeier@mchp.siemens.de on Thu, Aug 03, 2000 at 07:42:28AM %2B0200 References: <20000803074228.A1682@curry.mchp.siemens.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 03, 2000 at 07:42:28AM +0200, Andre Albsmeier wrote: > As the subject says: What functionality will I lose when ssh > in 4.1-STABLE is not setuid root anymore? > > The reason for asking is that I want to socksify ssh on the > fly with runsocks. I removed the setuid root mode and it seems > to work. > > Since I assume that no program is suid root without reason, > can someone please enlighten me what I will lose now? SSH uses ports <1024 when it opens a connection, which is only allowed for root. I don't have a reasonable explanation for this, although it could give some protection from clients that were not installed by the admin. But this ports <1024-protection doesn't work anyways (who has no UNIX computer at home? Does this protection work on Windows? Er...), so IMHO it should be save to remove SUID. Regards, -- Karsten To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000803025740.A7484>