Date:      Thu, 3 Jun 1999 11:17:46 -0700
From:      Matthew Hunt <mph@astro.caltech.edu>
To:        "David G. Andersen" <danderse@cs.utah.edu>
Cc:        "Jan B. Koum " <jkb@best.com>, Bill Fumerola <billf@jade.chc-chimes.com>, Unknow User <kernel@tdnet.com.br>, freebsd-security@freebsd.org
Subject:   Re: SSH2 (in FreeBSD-Questions)
Message-ID:  <19990603111746.A60419@wopr.caltech.edu>
In-Reply-To: <14166.50513.861526.155312@torrey.cs.utah.edu>; from David G. Andersen on Thu, Jun 03, 1999 at 12:12:13PM -0600
References:  <375690E3.4BC9BB94@tdnet.com.br> <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com> <19990603110213.B19566@best.com> <19990603110957.C59847@wopr.caltech.edu> <14166.50513.861526.155312@torrey.cs.utah.edu>

On Thu, Jun 03, 1999 at 12:12:13PM -0600, David G. Andersen wrote:

> It's SUID so it can obtain the local host private key, for
> authentication to the remote machine.  This is necessary if you use
> ssh with .rhosts/.shosts functionality.
> 
> If you don't care about this functionality, then you don't need it to
> be suid.

Maybe it would be good if we keep the current behavior as a default,
and add some sort of DISABLE_SUID option to the build?

Yan, I'm not sure I like the comment on your web page advising
people to avoid ports and packages.  There's no reason to avoid the
ports or packages if you're willing to spend a little time looking
at them, like you have to with the source tarballs anyway, and by
avoiding the ports you may miss out on FreeBSD enhancements, as is
the case with ssh2.  I would consider the login.conf patch to be
security-related.

By all means, if you have security concerns about specific ports,
you should let us know!

Matt

-- 
Matthew Hunt <mph@astro.caltech.edu> * Stay close to the Vorlon.
http://www.pobox.com/~mph/           *

