[Bug 3470] Cannot run SSH with a different effective userid

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Aug 12 10:43:06 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3470

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
In the past, ssh(1) could be installed setuid root (for a couple of
reasons mostly relating to hostbased and rhosts authentication). 
Referencing home directories by environment variables under those
conditions would be a potential security problem.

Rhosts auth is long gone, hostbased auth has used a small setuid helper
(ssh-keysign) for many years, and a few years ago (in v7.8) we removed
support for installing ssh as setuid.

So yes there was a reason for it, but that reason is no longer there. 
Changing the behaviour would be a potentially incompatible change,
however, so would need to be considered carefully.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list