ssh setuid changes.

Markus Friedl markus at openbsd.org
Wed Jun 12 05:22:01 EST 2002


well i don't think it's worth the trouble,
since this code is only for rhosts-rsa.

for hostbased auth ssh no longer needs to
be setuid root.


-m

On Tue, Jun 11, 2002 at 11:17:31AM -0700, Darren Moffat wrote:
> >I'm still convinced that expressions as
> >
> >	if (uid == 0)
> >
> >should be changed to a function call
> >
> >	if (is_superuser (uid))
> >
> >which would allow to write platform dependent code in port-XXX.c
> >instead of having the need for #ifdef's.
> 
> Taking it a step further the function could take an argument that says why the
> check is being done (bind to privileged port, read a file I don't own) and
> would set up the necessary privilege.  This would allow systems that have fine
> grained privilege to use it, a subsequent call would be made to drop the
> privilege after it was no longer needed.
> 
> --
> Darren J Moffat
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
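
The bracketing proposed in the quoted message, sketched in C as an added example that is not part of the original thread and is not OpenSSH code. `priv_begin`, `priv_end` and the `priv_reason` values are hypothetical names, and the backend shown is the generic Unix one that assumes a setuid-root binary which has already lowered its effective uid.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical reasons a caller may ask for privilege (taken from the thread). */
enum priv_reason { PRIV_BIND_RESERVED_PORT, PRIV_READ_UNOWNED_FILE, PRIV_REASON_MAX };

/* Generic Unix backend; a port-XXX.c file could supply a different test. */
int is_superuser(uid_t uid) { return uid == 0; }

static uid_t saved_euid;
static int priv_raised;

/* Raise privilege for one stated reason. Assumes a setuid-root binary that
 * already did seteuid(getuid()), so root is still the saved set-user-ID. */
int priv_begin(enum priv_reason why)
{
    if ((int)why < 0 || why >= PRIV_REASON_MAX || priv_raised) {
        errno = EINVAL;          /* unknown reason, or already raised */
        return -1;
    }
    saved_euid = geteuid();
    /* Generic Unix has a single privilege, so every reason maps to euid 0;
     * a fine-grained platform would enable only what `why` requires. */
    if (!is_superuser(saved_euid) && seteuid(0) == -1)
        return -1;
    priv_raised = 1;
    return 0;
}

/* Drop back to the caller's euid; a failure here must be treated as fatal. */
int priv_end(void)
{
    if (!priv_raised) { errno = EINVAL; return -1; }
    if (seteuid(saved_euid) == -1 || geteuid() != saved_euid)
        return -1;
    priv_raised = 0;
    return 0;
}

int main(void)
{
    if (priv_begin(PRIV_BIND_RESERVED_PORT) == -1) {
        perror("priv_begin");
        return 1;
    }
    /* ... the single privileged operation goes here ... */
    return priv_end() == -1 ? 2 : 0;
}
```

Run without a saved root uid, `priv_begin` fails with `EPERM` and nothing is raised, which is the behaviour a caller should test for before attempting the privileged step.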
