On Wed Feb 06, 2002 at 01:23:22AM -0600, Bryan Paxton wrote:

> > > Like I said, ssh really doesn't need to be setuid either, unless you
> > > specifically need to use rhost auth, but refer above for all that info.
> > >
> > > This is arguable, but I think the sane and logical choice to make is to
> > > strip all these of their setuid bits.
> >
> > We did, at one time, strip the setuid bit from ssh but the openssh
> > team yelled at us (specifically, Theo yelled at me).
> >
> > I think we'll keep the setuid bit on ssh. =) Anyone who's had that
> > happen to them doesn't want a repeat performance and, unfortunately,
> > Theo and Markus both come to me now when there are any anomalies in
> > our openssh packages... =)
>
> HAHA, I can understand that.
> But Theo is not the OpenSSH team (though he might like to think himself
> that).

No, true enough... Markus always comes at me when there are issues with
our openssh. =) But Markus I like talking to... Theo.. depends on his
mood. =)

> Specifically..... From the OpenSSH FAQ (http://www.openssh.com/faq.html):
> <SNIP>
> 2.1 - Why does ssh/scp make connections from low-numbered ports.
>
> The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa
> authentication because the server needs to trust the username provided by
> the client. To get around this, you can add the below example to your
> ssh_config or ~/.ssh/config file.
>
>     UsePrivilegedPort no
>
> Or you can specify this option on the command line, using the -o option to
> ssh(1) command.
>
>     $ ssh -o "UsePrivilegedPort no" host.com
>
> 2.2 - Why is the ssh client setuid root?
>
> In conjunction with the previous question, (2.1) OpenSSH needs root
> authority to be able to bind to low-numbered ports to facilitate rhosts
> authentication. A privileged port is also required for rhosts-rsa
> authentication to older SSH releases.
>
> Additionally, for both rhosts-rsa authentication (in protocol version 1)
> and hostbased authentication (in protocol version 2) the ssh client needs
> to access the private host key in order to authenticate the client machine
> to the server. So the setuid root bit is needed for these authentication
> methods, too.
>
> You can safely remove the setuid bit from the ssh executable if you don't
> want to use these authentication methods.
> </SNIP>

Right, but you see that it is needed for protocol2 hostbased auth. I
think this is an important feature. I could care less about rhost
compatibility, but I like the idea of hostbased auth to more minimize
spoofing.

> So, I vote for ummmmmm.... screw Theo : )

Well, I always vote for that, but unfortunately, he knows who I am so he
comes at me all the time... hehehe

> But it doesn't look that's happening... rtools is all I'm truly
> concerned about... Patch gets in, I'll be a happy camper : )

Yes... rtools is a concern. Down with rsh! =)

-- 
MandrakeSoft Security, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
Current Linux kernel 2.4.8-34.1mdk uptime: 14 days 15 hours 50 minutes.
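The FAQ criteria quoted in this thread, turned into a check, as an added example (not code from the thread or from OpenSSH): it lists the client options that explicitly turn on a method the FAQ says needs a setuid-root ssh, and uses that to say whether the bit on a given binary is still doing anything. The keywords other than UsePrivilegedPort are the ssh_config names for the methods the FAQ mentions; the function names and the sample config are constructed, options left unset are not evaluated, and per-user ~/.ssh/config files and -o overrides are outside its view.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Print (lower-cased, de-duplicated) each option in CONFIG that is explicitly
# set to "yes" and, per the FAQ, needs a privileged port or the host key.
privileged_options() {
    awk '
        /^[ \t]*#/ { next }          # comment line
        NF == 0    { next }          # blank line
        {
            gsub(/=/, " ")           # accept "Keyword=value" as well
            key = tolower($1); val = tolower($2)
            if (val == "yes" && (key == "rhostsauthentication" ||
                                 key == "rhostsrsaauthentication" ||
                                 key == "hostbasedauthentication" ||
                                 key == "useprivilegedport"))
                print key
        }' "$1" | sort -u
}

# advise BINARY CONFIG -> not-setuid | keep-setuid | removable
advise() {
    if [ ! -u "$1" ]; then
        echo "not-setuid"
    elif [ -n "$(privileged_options "$2")" ]; then
        echo "keep-setuid"           # a configured method still relies on it
    else
        echo "removable"             # nothing in CONFIG asks for those methods
    fi
}

# Constructed sample config, not taken from the thread.
sample_config() {
    cat <<'EOF'
# constructed sample
Host *
    UsePrivilegedPort no
    RhostsAuthentication no
Host build.example.org
    HostbasedAuthentication = yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
privileged_options "$tmp"
rm -f "$tmp"
```
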
