change in rhosts-rsa behavior
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Tue Apr 24 23:58:02 EST 2001
On Tue, Apr 24, 2001 at 09:48:00AM -0400, Michael Stone wrote:
> On Tue, Apr 24, 2001 at 03:40:13PM +0200, Markus Friedl wrote:
> > privileged ports require setuid root and cause problems.
>
> Don't you need this anyway to read the private key? If you install
> without suid, didn't everything else work fine without privileged ports?

probably not in the future. an external program can do this
for protocol version 2.

> > openssh's sshd does not require this.
>
> It did up until a little while ago. Wouldn't it make sense to change the
> server default first, wait a major release, and then change the client
> default?

there was a release between these changes.

> > you can always force the client to allocate privileged ports.
>
> openssh seems to have a nasty habit of breaking compatibility a *lot*.

not that i'm aware of.
please, show me.

> (It's one of the things I hear quite often when people are installing
> new openssh's.) It would be nice if compatibility concerns were given
> more weight, especially in a case like this, where the benefits of the
> change aren't really driven by security.

we got many more complaints with:
"why does openssl allocate a privileged port"
than
"why does openssl not allocate a privileged port"

plus: this change is driven by security, since openssh's client
should not need to be setuid in the future.

-m