[Bug 758] if authorized keys exchanged, regular user can gain

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Nov 14 11:40:29 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=758





------- Additional Comments From mouring at eviladmin.org  2003-11-13 17:40 -------
I can't reproduce this on any platform I own.

$ echo ~/
/home/mouring/
$ id
uid=1001(mouring) gid=1001(mouring) groups=1001(mouring), 0(wheel), 1000(cvs)
$ su
Password:
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Check your ~user/.ssh/ vs check your ~root/.ssh/

ssh being setuid or not will not make a bit of difference because such a case is
already handled by ssh.c:main().

- Ben



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list