From: Brian Somers
To: "Jacques A. Vidrine"
Cc: Neil Blakey-Milner, Poul-Henning Kamp, Brian Somers, Dan Nelson, sthaug@nethelp.no, ume@FreeBSD.org, arch@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject: Re: setuid ssh should die
Date: Sat, 02 Sep 2000 22:21:31 +0100

> On Sat, Sep 02, 2000 at 10:32:44PM +0200, Neil Blakey-Milner wrote:
> > On Sat 2000-09-02 (22:24), Poul-Henning Kamp wrote:
> > > Uhm, how about a ssh_config variable where you tell it to drop
> > > the setuid bit right away, wouldn't that work ?
> >
> > I'd prefer to leave it off. It means one less file to assure myself is
> > safe, if I were thinking with my paranoid security hat on.
>
> In addition to Neil's points, setuid executables ignore LD_LIBRARY_PATH
> and such, breaking SOCKS. ssh is the type of application one would
> expect to use with SOCKS, so I'd prefer not having the gratuitous setuid
> bit set.

What do people reckon then (-arch cc'd) ? I'll add #ENABLE_SUIDSSH= true to etc/defaults/make.conf then mention it in ssh_config and make the adjustment to the ssh build so that it defaults to *not* being suid.

> --
> Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

--
Brian

Don't _EVER_ lose your sense of humour !
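
The early privilege drop suggested in the thread, as an added example that is not part of the original message and is not code from OpenSSH or FreeBSD. The function name `drop_setuid_privileges` is hypothetical; the sketch assumes a POSIX system and shows the checks such a drop needs before the rest of the program can be trusted to run unprivileged.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-user-ID / set-group-ID privilege.
 * Returns 0 when the process runs purely as the invoking user,
 * -1 otherwise. On -1 the caller must exit, not carry on.
 * Supplementary groups are left alone: exec of a setuid binary does
 * not change them, so they already belong to the invoking user.
 */
int drop_setuid_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop we may no longer be allowed to. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Do not trust the return values alone: read the ids back. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If an old id can be restored, a saved id survived the drop. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (drop_setuid_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Even with a correct drop, the dynamic linker has already ignored LD_LIBRARY_PATH by the time this code runs, so the SOCKS problem raised in the quoted reply is only avoided by installing the binary without the setuid bit.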