Killing the builtin entropy code
Jim Knoble
jmknoble at pobox.com
Fri Dec 21 17:33:02 EST 2001
Circa 2001-Dec-20 22:06:43 -0600 dixit mouring at etoh.eviladmin.org:
: On Thu, 20 Dec 2001, Jim Knoble wrote:
: > Obviously, we'd only suid(user) for sshd, not for e.g. ssh, ssh-agent,
: > or ssh-keygen.
:
: Do we? ssh can be setuid. And IIRC the current place we seed the random
: number still has root privs. So ssh and sshd could need to drop
: prives accordingly.
Gack. Of course, you're right (i've never had a use for Rhost-anything
authentication, so i haven't installed ssh setuid-root in several years).
In reflecting on that, i suppose 'setuid(getuid());' won't hurt
anything even if ssh isn't setuid-root. In which case i suppose it
can't really hurt to do it everywhere....
*Slinks back under rock*
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 262 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20011221/d5c76e3e/attachment.bin
More information about the openssh-unix-dev
mailing list