Subject: Re: evil? sshd patch
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 11/03/1999 13:15:19
Cc: tech-security@netbsd.org
Message-ID: <19991103131519.A23232@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <199911031730.MAA15846@Twig.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <199911031730.MAA15846@Twig.Rodents.Montreal.QC.CA>; from mouse@Rodents.Montreal.QC.CA on Wed, Nov 03, 1999 at 12:30:19PM -0500
Return-Receipt-To: receipts@daemon.org
Errors-To: errrors@graffiti.com

>> -          || (auth_rsa(getpwnam("root"), &n, &sensitive_data.random_state,
>> +           || (auth_rsa(getpwuid(0), &n, &sensitive_data.random_state,
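Review bot: the `+` line hands the result of getpwuid(0) straight to auth_rsa() with no NULL check (the `-` line did the same with getpwnam("root")), and getpwuid(0) returns whichever UID-0 entry the passwd database lists first, which need not be "root"; the old line at least named the account it meant. Unless auth_rsa() tolerates a NULL pw, which this hunk does not show, store the lookup in a local, reject NULL, and if a specific account is intended resolve it by name and confirm pw_uid == 0 rather than picking by uid. Minor: the `+` line is indented one column deeper than the `-` line it replaces.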
>
>But which uid-0 account do you get?  (Actually, I suppose it doesn't
>much matter; all Ylonen-derived sshes I know of are already severely
>broken in the presence of multiple passwd entries with a single UID.

while i understand your point (doing accounting and stuff, blah blah
blah) it really won't make much difference here, will it?  after
all...if i don't want to log in as root to anyone (or whatever you
want to call this new mechanism), i could just do

   ssh -t fooroot@some.machine.com su - someluser

and get the same thing, no?

>Their response to my bug report was basically "don't do that".)

of course it was.  :)

>I'd still rather see this specified in sshd_config (including the magic
>user's name), disabled by default.

i'm still confused as to why they ship ssh with root logins allowed
turned on.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
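The thread turns on the difference between getpwnam("root") and getpwuid(0) once several passwd entries share UID 0. As an added illustration, not code from the sshd patch or from either poster, here is a small C program that mimics the "first match wins, pointer to static storage" behaviour of those two libc calls over a constructed passwd-format text, so it runs without touching the live database, and contrasts them with the check a configurable "magic user" name would need. The sample entries, the struct and the pw_* function names are invented for this example.

```c
/* Added example, not from the sshd patch or the thread: mimics the
 * "first match wins, static storage" behaviour of getpwuid()/getpwnam()
 * over a constructed passwd-format text, so it runs without touching the
 * live database.  Sample entries and pw_* names are invented here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: "toor" and "root" both have UID 0, "toor" listed first. */
static const char SAMPLE_PASSWD[] =
    "toor:*:0:0:Bourne-again Superuser:/root:/bin/sh\n"
    "daemon:*:1:1:The devil himself:/:/sbin/nologin\n"
    "root:*:0:0:Charlie &:/root:/bin/csh\n"
    "mouse:*:1000:1000:der Mouse:/home/mouse:/bin/sh\n";

#define PW_NAME_MAX 32
struct pwent { char name[PW_NAME_MAX]; long uid; };

/* Parse "name:password:uid:..." from one line (not NUL-terminated); 1 on success. */
static int parse_line(const char *line, size_t len, struct pwent *e)
{
    const char *end = line + len, *colon = memchr(line, ':', len);
    size_t n;
    char *q;
    if (colon == NULL || (n = (size_t)(colon - line)) == 0 || n >= PW_NAME_MAX) return 0;
    memcpy(e->name, line, n);
    e->name[n] = '\0';
    colon = memchr(colon + 1, ':', (size_t)(end - colon - 1));   /* skip password field */
    if (colon == NULL) return 0;
    e->uid = strtol(colon + 1, &q, 10);
    return q != colon + 1 && *q == ':';
}

/* Advance *cursor past the next parseable entry into *e; 0 at end of database. */
static int next_entry(const char **cursor, struct pwent *e)
{
    const char *p = *cursor;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        int ok = parse_line(p, len, e);
        p = nl ? nl + 1 : p + len;
        if (ok) { *cursor = p; return 1; }
    }
    *cursor = p;
    return 0;
}

/* Like getpwuid(): FIRST entry with this uid, in static storage; NULL if none. */
const struct pwent *pw_by_uid(const char *db, long uid)
{
    static struct pwent result;
    const char *cur = db;
    while (next_entry(&cur, &result))
        if (result.uid == uid) return &result;
    return NULL;
}

/* Like getpwnam(): FIRST entry with this name, in static storage; NULL if none. */
const struct pwent *pw_by_name(const char *db, const char *name)
{
    static struct pwent result;
    const char *cur = db;
    while (next_entry(&cur, &result))
        if (strcmp(result.name, name) == 0) return &result;
    return NULL;
}

/* Number of entries sharing a uid; >1 is the "multiple entries, one UID" case. */
int pw_count_uid(const char *db, long uid)
{
    struct pwent e;
    const char *cur = db;
    int n = 0;
    while (next_entry(&cur, &e))
        if (e.uid == uid) n++;
    return n;
}

/* The check a configurable "magic user" name needs: resolve the NAME, then
 * confirm it is really uid 0, instead of trusting whichever uid-0 entry
 * getpwuid(0) returns first.  Also handles the NULL (no such user) case. */
int pw_name_is_uid0(const char *db, const char *name)
{
    const struct pwent *pw = pw_by_name(db, name);
    return pw != NULL && pw->uid == 0;
}

int main(void)
{
    const struct pwent *pw = pw_by_uid(SAMPLE_PASSWD, 0);
    printf("getpwuid(0)-style lookup returns: %s\n", pw ? pw->name : "(NULL)");
    printf("entries with uid 0: %d\n", pw_count_uid(SAMPLE_PASSWD, 0));
    printf("\"root\" is uid 0: %d, \"mouse\" is uid 0: %d\n",
           pw_name_is_uid0(SAMPLE_PASSWD, "root"), pw_name_is_uid0(SAMPLE_PASSWD, "mouse"));
    printf("uid 42 lookup: %s\n", pw_by_uid(SAMPLE_PASSWD, 42) ? "found" : "NULL, check before use");
    return 0;
}
```

Build with `cc -Wall -o pwdemo pwdemo.c && ./pwdemo`. With "toor" ahead of "root" in the sample, the getpwuid(0)-style lookup returns "toor", which is exactly the ambiguity raised above; resolving a configured name and then checking its uid gives a definite answer and also makes the "no such user" NULL case explicit instead of passing it on to the caller.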