Subject: Re: setuid ssh
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 10/18/2000 10:00:28
Cc: Atsushi Onoe <onoe@sm.sony.co.jp>, cjs@cynic.net,
   hubert.feyrer@informatik.fh-regensburg.de, tech-security@netbsd.org
Message-ID: <20001018100028.B29756@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <atatat@atatdot.net> <20001018135433.C15B42A2A@orchard.arlington.ma.us>
In-Reply-To: <20001018135433.C15B42A2A@orchard.arlington.ma.us>; from sommerfeld@orchard.arlington.ma.us on Wed, Oct 18, 2000 at 09:54:28AM -0400

>> as long as you don't copy that key anywhere.  
>
>If I copy the host key, .rhosts/rsa has the same problem.

granted, but why would you do that?  i've never had any call to do
that.  except to maintain keying after a *major* upgrade (ie, replace
machine and host software).

>if ~backup/.ssh/identity and /etc/ssh_host_key are (effectively)
>protected the same, all bets are off.

well...they're both 0700, but one belongs to the user and the other
belongs to root.

>(surely you don't actually believe that an attacker can't quietly
>usurp the host's ip address ..)

i believe they can, but am placing the difficulty level a little
higher than breaking into a machine via some other means and obtaining
root privs (so as to steal all the keys).

and don't call me shirley.  :P

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."