tech-security: Re: setuid ssh

Subject: Re: setuid ssh
To: Curt Sampson <cjs@cynic.net>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 10/18/2000 13:52:25

  by mail.netbsd.org with SMTP; 18 Oct 2000 11:52:28 -0000
	by antioche.lip6.fr (8.10.1/8.10.1) with ESMTP id e9IBqPv15965;
	Wed, 18 Oct 2000 13:52:25 +0200 (MEST)
Date: Wed, 18 Oct 2000 13:52:25 +0200
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: Curt Sampson <cjs@cynic.net>
Cc: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>,
   tech-security@netbsd.org
Subject: Re: setuid ssh
Message-ID: <20001018135225.A7705@antioche.lip6.fr>
References: <Pine.GSO.4.21.0010172342220.29711-100000@rfhpc8320.fh-regensburg.de> <Pine.LNX.4.21.0010171750130.1182-100000@fmh.fw.px.fulton.blink.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.LNX.4.21.0010171750130.1182-100000@fmh.fw.px.fulton.blink.com>; from Curt Sampson on Tue, Oct 17, 2000 at 05:51:10PM -0400

On Tue, Oct 17, 2000 at 05:51:10PM -0400, Curt Sampson wrote:
> On Tue, 17 Oct 2000, Hubert Feyrer wrote:
> 
> > which ones?
> 
> Aside from the usual dangers of buffer overflows and whatnot, it enables
> rhosts. Charles can probably provide better details.

And then ? This can be disabled in the config file.
I do use rhosts with ssh

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--