by redmail.netbsd.org with SMTP; 5 Nov 1999 13:05:20 -0000
Date: Sat, 6 Nov 1999 00:02:20 +1100 (EST)
From: "Simon J. Gerraty" <sjg@quick.com.au>
Message-Id: <199911051302.AAA24542@zen.quick.com.au>
To: der Mouse  <mouse@Rodents.Montreal.QC.CA>
Cc: sjg@quick.com.au, tech-security@netbsd.org
Subject: Re: evil? sshd patch
References: <199911031352.IAA14915@Twig.Rodents.Montreal.QC.CA>

In lists.netbsd.tech-security you write:
>If this were off by default and had to be specifically enabled in the
>sshd_config on the remote machine, including specifying the empowering
>user name, I'd love it.

Actually that's basically what I proposed to Tatu Ylonen.
The patch I posted here is the same as the one sent to Tatu, and is
fine for guaging the acceptance of the concept.  You and I like the idea,
others do not.

The patch "as is" is fine for my systems because I know they all have a
root account.  If this feature were to be incorporated for wider consumption
then I agree it should need to be turned on in sshd_config and I'd see no
reason to hard code "root".

--sjg