identd w/ openssh

xercist xercist at lammah.com
Wed Nov 22 04:06:57 EST 2000


I've just realised that when a user uses ssh to connect to a machine, then
sets up a port forward and uses it, the resulting connection is reported by
identd as belonging to root. While I realise ident is not any kind of
secure authentication, it doesn't make much sense to make it even less so
by letting any user create connections reported to be made by root.

The sshd should drop all root privs and use only the connecting user's id
before setting up the process that forwards the connection. Your opinions?


-- 

-*% % % % % % % % % % % % % % % % *-
  -*    xercist                 *-
  -*    xercist at mindless.com    *-
-* % % % % % % % % % % % % % % % %*-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20001121/5d528335/attachment.bin 


More information about the openssh-unix-dev mailing list