On Tue, 2002-02-05 at 23:41, R.I.P. Deaddog wrote: > On 5 Feb 2002, Bryan Paxton wrote: > > > No and yes. No, it doesn't have to be setuid for use with rsync or > > rdist, cvs, etc... > > > > However, if you wish to actually use rsh to facilitate the rhosts auth, > > yes it does need to be setuid root (same goes for ssh, if you wish to > > use rhost auth with it. Which should be added to the perm files as > > well). > > > > But you have to ask yourself a few questions... > > 1. Who the hell uses rhost auth anymore? > > 2. Being that mdk's target audience is the desktop user, are they ever > > going to encounter a situation where they need rhost functionality? > > 3. Why rsh when there's ssh? > > The questions could go on... > > But I think the only people who might actually need to rsh, would be > > knowledgeable enough to know how to do a 'chmod +s foo'. > > > > Like I said, ssh really doesn't need to be setuid either, unless you > > specifically need to use rhost auth, but refer above for all that info. > > > > This is arguable, but I think the sane and logical choice to make is to > > strip all these of their setuid bits. > > Mandrake has done this before, but reverted to setuid ssh later. > Somebody (Danen?) mentioned that Theo de Raat yell at mandrakesoft, > complaining about a broken non-setuid ssh... >
Theo likes to whine... The point is, if you read above, a non-setuid ssh client binary is NOT broken, it just can't use rhost auth. And once again, who uses it anymore? -- Bryan Paxton Public PGP key: http://www.deadhorse.net/bpaxton.gpg "What laughter, why joy, when constantly aflame? Enveloped in darkness, don't you look for a lamp?" Dhp. 163
