--{enable/disable}-suid-ssh removed, rhosts auth gone when UID != 0

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Jul 3 22:54:07 EST 2002


It was removed because RhostAuth is the only thing depending on it, and it
was felt if you want to use the feature (which is not recommended) that
you can setuid it yourself.   HostBased Authentication is now handled by
ssh-keysign which is setuid instead.  Much smaller amount of code to
audit.

- Ben

On Wed, 3 Jul 2002, Robert Dahlem wrote:

> Hi,
>
> According to ChangeLog someone "(bal)" removed -{enable/disable}-suid-ssh
> from configure (dating from 2002/06/07). Don't know the reason, probably
> this has something to do with PrivilegeSeparation.
>
> Consequence is: Users with UID != 0 are no longer able to allocate
> privileged ports, sshd answers "Rhosts Authentication disabled,
> originating port will not be trusted". Bang, there they sit. :-)
>
> Ok, "chmod u+s ssh scp" does help as first aid.
>
> My question is: Is SUID on ssh/scp considered dangerous? Are there other
> reasons one should avoid this?
>
> Regards,
>         Robert
>
>
> --
> Robert.Dahlem at siemens.com
> Siemens Business Services - FS GF KORDOBA-Outsourcing
> Tel: +49-69-797-6530  Fax: +49-69-797-6599
> ----------------------------------------------------------------------
> Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
> software; far better than Outlook. Try it sometime.
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
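
An added example, not part of the original thread and not OpenSSH code: a shell check for the layout described above, where ssh and scp carry no setuid bit and only ssh-keysign does. The function name `audit_ssh_suid` and its directory arguments are assumptions; pass whichever directories hold the binaries on the system being checked.

```shell
#!/bin/sh
# audit_ssh_suid DIR...   (hypothetical helper, added for illustration)
# Compares setuid bits on the OpenSSH client programs with the layout
# described in the thread: ssh and scp unprivileged, ssh-keysign setuid.
# Prints one line per observation and returns the number of unexpected
# setuid binaries found (0 means the layout matches).
# It checks the setuid bit only, not which user owns the file.
# Example call (install locations vary by system):
#   audit_ssh_suid /usr/bin /usr/libexec
audit_ssh_suid() {
    findings=0
    for dir in "$@"; do
        for name in ssh scp ssh-keysign; do
            path="$dir/$name"
            [ -f "$path" ] || continue      # program not installed here
            if [ -u "$path" ]; then suid=yes; else suid=no; fi
            case "$name:$suid" in
                ssh:yes|scp:yes)
                    # Someone applied "chmod u+s" by hand, as in the thread.
                    echo "UNEXPECTED setuid: $path"
                    findings=$((findings + 1))
                    ;;
                ssh-keysign:no)
                    # Informational: matters only where hostbased
                    # authentication is actually used.
                    echo "NOTE not setuid: $path"
                    ;;
            esac
        done
    done
    return "$findings"
}
```
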