Subject: pkg/7080: ${PREFIX}/bin/ssh1 needs to be setuid in ssh-1.2.26
To: None <gnats-bugs@gnats.netbsd.org>
From: David Rankin <drankin@bohemians.lexington.ky.us>
List: netbsd-bugs
Date: 03/03/1999 17:18:31
>Number:         7080
>Category:       pkg
>Synopsis:       ${PREFIX}/bin/ssh1 needs to be setuid in ssh-1.2.26
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar  3 14:35:01 1999
>Last-Modified:
>Originator:     David Rankin
>Organization:
Bohemians Unincorporated
>Release:        package-19990301
>Environment:
System: NetBSD portia 1.3I NetBSD 1.3I (PORTIA) #1: Wed Feb 24 15:17:00 EST 1999 drankin@oldtom:/usr/src/sys/arch/i386/compile/PORTIA i386
>Description:
When ssh-1.2.26 installs, it doesn't setuid ssh1. In an interactive 
environment, ssh willa non-root user, it will fail with calls to initgroups and/or setgroups.
I have exposed this because I have an automated non-root process calling
ssh.
>How-To-Repeat:
Call ssh as a non-root user from a process without a controlling shell.
>Fix:
Comment out this line in ssh's Makefile:
CONFIGURE_ARGS+=        --disable-suid-ssh
>Audit-Trail:
>Unformatted: