On Wed, 2002-02-06 at 01:00, Vincent Danen wrote:
> On Tue Feb 05, 2002 at 11:38:48PM -0600, Bryan Paxton wrote:
> 
> [...]
> 
> > Like I said, ssh really doesn't need to be setuid either, unless you
> > specifically need to use rhost auth, but refer above for all that info.
> > 
> > This is arguable, but I think the sane and logical choice to make is to
> > strip all these of their setuid bits.
> 
> We did, at one time, strip the setuid bit from ssh but the openssh
> team yelled at us (specifically, Theo yelled at me).
> 
> I think we'll keep the setuid bit on ssh.  =)  Anyone who's had that
> happen to them doesn't want a repeat performance and, unfortunately,
> Theo and Markus both come to me now when there are any anomalies in
> our openssh packages... =)

HAHA, I can understand that.
But Theo is not the OpenSSH team (though he might like to think himself
that). 
Specifically..... From the OpenSSH FAQ (http://www.openssh.com/faq.html):
<SNIP>
2.1 - Why does ssh/scp make connections from low-numbered ports.

The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa authentication
because the server needs to trust the username provided by the client. To get around
this, you can add the below example to your ssh_config or ~/.ssh/config file.

UsePrivilegedPort no

Or you can specify this option on the command line, using the -o option to ssh(1)
command.

$ ssh -o "UsePrivilegedPort no" host.com

2.2 - Why is the ssh client setuid root?

In conjunction with the previous question, (2.1) OpenSSH needs root authority to be
able to bind to low-numbered ports to facilitate rhosts authentication. A privileged
port is also required for rhosts-rsa authentication to older SSH releases.

Additionally, for both rhosts-rsa authentication (in protocol version 1) and hostbased
authentication (in protocol version 2) the ssh client needs to access the private host
key in order to authenticate the client machine to the server. So the setuid root bit
is needed for these authentication methods, too.

You can safely remove the setuid bit from the ssh executable if you don't want to use
these authentication methods.
</SNIP>

So, I vote for ummmmmm.... screw Theo : )

But it doesn't look like that's happening... rtools is all I'm truly
concerned about... Patch gets in, I'll be a happy camper : )


-- 
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg

"What laughter, why joy, when constantly aflame? Enveloped in darkness, 
don't you look for a lamp?"
Dhp. 163
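
The FAQ excerpt quoted in the message above ties the setuid bit on ssh to specific client settings. The shell functions below are an added example, not part of the original e-mail or of OpenSSH: they check whether a binary is setuid and whether any given ssh_config turns on one of those settings. The function names `needs_setuid` and `audit_ssh` are hypothetical, the keywords other than `UsePrivilegedPort` are ssh_config options of OpenSSH releases from that period rather than names taken from this page, and only an explicit "yes" is counted (compiled-in defaults are not checked).

```shell
#!/bin/sh
# Added example (not from the original message or the OpenSSH project).
# Assumption: a feature counts as "in use" only when a config sets it to "yes";
# compiled-in defaults differ between OpenSSH releases and are not checked.

# needs_setuid CONFIG...: succeed if any readable config enables a feature the
# FAQ ties to the setuid bit (privileged port, rhosts, rhosts-rsa, hostbased).
needs_setuid() {
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        awk '
            /^[ \t]*#/ { next }                      # comment line
            { gsub(/"/, ""); sub(/=/, " ")           # allow Keyword=value
              k = tolower($1); v = tolower($2) }     # keywords ignore case
            v == "yes" && (k == "useprivilegedport" ||
                           k == "rhostsauthentication" ||
                           k == "rhostsrsaauthentication" ||
                           k == "hostbasedauthentication") { hit = 1 }
            END { exit !hit }
        ' "$cfg" && return 0
    done
    return 1
}

# audit_ssh BINARY CONFIG...: print "not-setuid", "keep" or "strip".
audit_ssh() {
    bin=$1; shift
    if [ ! -u "$bin" ]; then echo "not-setuid"
    elif needs_setuid "$@"; then echo "keep"
    else echo "strip"      # candidate for: chmod u-s "$bin"
    fi
}

# Constructed sample: the setting the FAQ suggests, plus one hostbased host.
demo_cfg=$(mktemp)
printf '%s\n' 'UsePrivilegedPort no' 'Host legacy' \
    '  HostbasedAuthentication=yes' > "$demo_cfg"
needs_setuid "$demo_cfg" && echo "setuid still needed by sample config"
rm -f "$demo_cfg"
```

On a real system the call would look like `audit_ssh "$(command -v ssh)" /etc/ssh/ssh_config ~/.ssh/config`, with the system config path adjusted to wherever the package installs it.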

