Killing the builtin entropy code

Jim Knoble jmknoble at pobox.com
Fri Dec 21 17:33:02 EST 2001


Circa 2001-Dec-20 22:06:43 -0600 dixit mouring at etoh.eviladmin.org:

: On Thu, 20 Dec 2001, Jim Knoble wrote:
: > Obviously, we'd only suid(user) for sshd, not for e.g. ssh, ssh-agent,
: > or ssh-keygen.
: 
: Do we?  ssh can be setuid.  And IIRC the current place we seed the random
: number still has root privs.  So ssh and sshd could need to drop
: privs accordingly.

Gack.  Of course, you're right (i've never had a use for Rhost-anything
authentication, so i haven't installed ssh setuid-root in several years).

In reflecting on that, i suppose 'setuid(getuid());' won't hurt
anything even if ssh isn't setuid-root.  In which case i suppose it
can't really hurt to do it everywhere....

*Slinks back under rock*

-- 
jim knoble | jmknoble at pobox.com   | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
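
The unconditional `setuid(getuid())` idea from the message above, written out with the checks a setuid program needs. This is an added example, not part of the original post and not OpenSSH code; the function name `drop_to_real_ids` is hypothetical. When the binary is not installed setuid, every call leaves the IDs unchanged and the function still returns success.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up any set-uid/set-gid privilege by switching to the
 * real IDs of the invoking user. Returns 0 on success, -1 on failure.
 * Safe to call when the binary is not setuid: nothing changes.
 */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid();
    uid_t euid_before = geteuid();
    gid_t rgid = getgid();

    /* Drop the group first: after the uid drop we may no longer be
     * allowed to change the gid. */
    if (setgid(rgid) != 0)
        return -1;

    /* An unchecked setuid() that fails leaves the process privileged,
     * so the return value must always be tested. */
    if (setuid(ruid) != 0)
        return -1;

    /* Confirm the effective IDs really are the real ones now. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If we started with a different effective uid, make sure it cannot
     * be regained through the saved set-user-ID. Skipped when the caller
     * is root, who can assume any uid regardless. */
    if (ruid != 0 && euid_before != ruid && seteuid(euid_before) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```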
More information about the openssh-unix-dev mailing list