[Bug 3470] Cannot run SSH with a different effective userid
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Aug 12 10:43:06 AEST 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3470
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
In the past, ssh(1) could be installed setuid root (for a couple of
reasons mostly relating to hostbased and rhosts authentication).
Referencing home directories by environment variables under those
conditions would be a potential security problem.
Rhosts auth is long gone, hostbased auth has used a small setuid helper
(ssh-keysign) for many years, and a few years ago (in v7.8) we removed
support for installing ssh as setuid.
So yes there was a reason for it, but that reason is no longer there.
Changing the behaviour would be a potentially incompatible change,
however, so would need to be considered carefully.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list