Subject: Re: setuid ssh
To: NetBSD Security Technical Discussion List <tech-security@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 10/20/2000 22:49:41
Message-Id: <200010210249.e9L2nf811327@marajade.sandelman.ottawa.on.ca>
In-reply-to: Your message of "Fri, 20 Oct 2000 15:18:42 EDT."
             <20001020191842.BE4324@proven.weird.com> 
Date: Fri, 20 Oct 2000 22:49:41 -0400


>>>>> "Greg" == Greg A Woods <woods@weird.com> writes:
    Greg> The private host key file could be owned by, and readable by only, any
    Greg> user other than root, I suppose, but ssh/slogin would still have to be
    Greg> setuid -- just not to root.  In the end this doesn't protect the

  Another solution would be to have a "known_hosts.d" directory that was set 
to 1777, or could even be setgid.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [