https://bugzilla.mindrot.org/show_bug.cgi?id=3470
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Darren Tucker <[email protected]> --- In the past, ssh(1) could be installed setuid root (for a couple of reasons mostly relating to hostbased and rhosts authentication). Referencing home directories by environment variables under those conditions would be a potential security problem. Rhosts auth is long gone, hostbased auth has used a small setuid helper (ssh-keysign) for many years, and a few years ago (in v7.8) we removed support for installing ssh as setuid. So yes there was a reason for it, but that reason is no longer there. Changing the behaviour would be a potentially incompatible change, however, so would need to be considered carefully. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
