change in rhosts-rsa behavior

Michael Stone mstone at cs.loyola.edu
Tue Apr 24 23:48:00 EST 2001


On Tue, Apr 24, 2001 at 03:40:13PM +0200, Markus Friedl wrote:
> privileged ports require setuid root and cause problems.

Don't you need this anyway to read the private key? If you install
without suid, didn't everything else work fine without privileged ports?

> openssh's sshd does not require this.

It did up until a little while ago. Wouldn't it make sense to change the
server default first, wait a major release, and then change the client
default?

> you can always force the client to allocate privileged ports.

openssh seems to have a nasty habit of breaking compatibility a *lot*.
(It's one of the things I hear quite often when people are installing
new openssh's.) It would be nice if compatibility concerns were given
more weight, especially in a case like this, where the benefits of the
change aren't really driven by security.

-- 
Mike Stone



More information about the openssh-unix-dev mailing list