From owner-freebsd-security Thu Jun 3 11:10:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222]) by hub.freebsd.org (Postfix) with ESMTP id 2F1E414CAC for ; Thu, 3 Jun 1999 11:10:33 -0700 (PDT) (envelope-from mph@wopr.caltech.edu)
Received: (from mph@localhost) by wopr.caltech.edu (8.9.3/8.9.1) id LAA60304; Thu, 3 Jun 1999 11:09:57 -0700 (PDT) (envelope-from mph)
Date: Thu, 3 Jun 1999 11:09:57 -0700
From: Matthew Hunt
To: "Jan B. Koum "
Cc: Bill Fumerola , Unknow User , freebsd-security@freebsd.org
Subject: Re: SSH2 (in FreeBSD-Questions)
Message-ID: <19990603110957.C59847@wopr.caltech.edu>
References: <375690E3.4BC9BB94@tdnet.com.br> <19990603110213.B19566@best.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <19990603110213.B19566@best.com>; from Jan B. Koum on Thu, Jun 03, 1999 at 11:02:14AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jun 03, 1999 at 11:02:14AM -0700, Jan B. Koum wrote:

> Ports will install ssh client suid, where I am 99% sure you don't
> need the client to be suid. I always do '--disable-suid-ssh' when rolling
> out new ssh.

Why does it build SUID as shipped? What are the implications of
installing it otherwise? The port can certainly be changed, if
the Right Way is with --disable-suid-ssh.

In any case, anyone can add --disable-suid-ssh to the CONFIGURE_ARGS
line of the port Makefile, and still derive the benefit of the
login.conf patches, pkg_delete, and so forth.

It seems that the original poster isn't even willing to just apply
the appropriate patch from the port to solve his problem. I really
do not understand the confusion that is at work here.

Matt

--
Matthew Hunt * Inertia is a property
http://www.pobox.com/~mph/ * of matter.
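
Added example, not part of the original message or of the FreeBSD port: a shell sketch of the change discussed above, which inserts --disable-suid-ssh into the CONFIGURE_ARGS line of a port Makefile and then checks whether a built client still carries the setuid bit. The function names and the Makefile fragment are constructed for illustration; only CONFIGURE_ARGS and --disable-suid-ssh come from the message.

```shell
#!/bin/sh
# Added example, not from the original message; function names are hypothetical.

# Insert FLAG right after the "=" of the first CONFIGURE_ARGS assignment in
# MAKEFILE, so a backslash-continued value stays intact. Running it twice
# changes nothing. Returns 2 if the Makefile has no CONFIGURE_ARGS line.
add_configure_arg() {
    mk=$1; flag=$2
    # Flag already present outside a comment line: nothing to do.
    if grep -v '^[[:space:]]*#' "$mk" | grep -qF -e "$flag"; then
        return 0
    fi
    grep -qE '^CONFIGURE_ARGS[+?:]?=' "$mk" || return 2
    awk -v flag="$flag" '
        !done && /^CONFIGURE_ARGS[+?:]?=/ {
            i = index($0, "=")
            rest = substr($0, i + 1)
            sub(/^[ \t]+/, "", rest)
            $0 = substr($0, 1, i) "\t" flag " " rest
            done = 1
        }
        { print }
    ' "$mk" > "$mk.new" && mv "$mk.new" "$mk"
}

# Report whether a client binary carries the setuid bit.
suid_status() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    else echo not-setuid
    fi
}

# Demo on a constructed Makefile fragment (not the real port's contents)
# and a constructed stand-in file for the client binary.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'PORTNAME=\tssh\nCONFIGURE_ARGS=\t--example-existing-arg \\\n\t\t--example-second-arg\n' > "$dir/Makefile"
    add_configure_arg "$dir/Makefile" --disable-suid-ssh
    add_configure_arg "$dir/Makefile" --disable-suid-ssh   # second run: no change
    grep -c -e '--disable-suid-ssh' "$dir/Makefile"
    : > "$dir/ssh"; chmod 4711 "$dir/ssh"
    suid_status "$dir/ssh"
    chmod u-s "$dir/ssh"; suid_status "$dir/ssh"
    rm -rf "$dir"
}
demo
```

On a real system, point suid_status at the installed client after rebuilding the port to confirm the flag took effect.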