Subject: Re: setuid ssh
To: None <tech-security@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-security
Date: 10/21/2000 02:52:24
Date: Sat, 21 Oct 2000 02:52:24 GMT
From: christos@zoulas.com (Christos Zoulas)
Message-ID: <G2rEnC.EBL@tac.nyc.ny.us>
Organization: Trans-Atlantic Communications
References: <20001018223958.E736@dr-evil.shagadelic.org>, <Pine.NEB.4.29.9999.0010190849460.771-100000@localhost>

In article <Pine.NEB.4.29.9999.0010190849460.771-100000@localhost>,
David Brownlee <abs@netbsd.org> wrote:
> 	How feasible would it be to have a setuid ssh read the config in
> 	/etc and drop setuid immediately based on a config option there?
> 
> 	For those who do not want setuid it's not as good as not having
> 	it, but it may be better than current.

No, because it will again break hostaliases for issetugid()!

christos