Subject: Re: evil? sshd patch
To: None <tech-security@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 11/03/1999 08:52:38
Date: Wed, 3 Nov 1999 08:52:38 -0500 (EST)
Message-Id: <199911031352.IAA14915@Twig.Rodents.Montreal.QC.CA>

> I have a simple patch for sshd that allows someone who can RSA
> authenticate as root, to authenticate as anyone.

I like the idea behind this.  But I don't like this particular patch,
because it is not "someone who can RSA authenticate as a super-user",
but rather "someone who can RSA authenticate as whoever `root' is".
This is a gaping security hole waiting to happen to some site whose
local super-user is named something other than root.  (I'd expect you,
as someone in Oz-land, would be aware of this possibility.... :-)

If this were off by default and had to be specifically enabled in the
sshd_config on the remote machine, including specifying the empowering
user name, I'd love it.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
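
The distinction drawn in the reply above, as an added illustration that is not part of the original message, the patch under discussion, or any sshd source: a check keyed on the literal name "root", one keyed on uid 0, and an opt-in form that is off unless the administrator names the empowering account. The account table, the function names and the `empowering_user` field are all hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the password database; not a real site's. */
struct acct { const char *name; unsigned uid; };
static const struct acct accounts[] = {
    { "toor",  0 },     /* this site's super-user is not named "root" */
    { "root",  1001 },  /* an ordinary account that happens to be "root" */
    { "alice", 1002 },
};

static const struct acct *lookup(const char *name) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return &accounts[i];
    return NULL;
}

/* The check objected to: privilege keyed on the literal name "root". */
int allow_by_name(const char *authed, const char *target) {
    if (!lookup(authed) || !lookup(target)) return 0;
    return strcmp(authed, target) == 0 || strcmp(authed, "root") == 0;
}

/* Keyed on super-user status (uid 0), whatever the account is called. */
int allow_by_uid(const char *authed, const char *target) {
    const struct acct *a = lookup(authed);
    if (!a || !lookup(target)) return 0;
    return strcmp(authed, target) == 0 || a->uid == 0;
}

/* Hypothetical setting: NULL means the feature is off, the default. */
struct cfg { const char *empowering_user; };
/* Opt-in form: only the account the administrator named is empowered. */
int allow_by_config(const struct cfg *c, const char *authed, const char *target) {
    if (!lookup(authed) || !lookup(target)) return 0;
    if (strcmp(authed, target) == 0) return 1;
    return c->empowering_user && strcmp(authed, c->empowering_user) == 0;
}

int main(void) {
    struct cfg off = { NULL }, on = { "toor" };
    printf("by name:   root->alice=%d toor->alice=%d\n",
           allow_by_name("root", "alice"), allow_by_name("toor", "alice"));
    printf("by uid:    root->alice=%d toor->alice=%d\n",
           allow_by_uid("root", "alice"), allow_by_uid("toor", "alice"));
    printf("by config: off=%d on=%d\n",
           allow_by_config(&off, "toor", "alice"), allow_by_config(&on, "toor", "alice"));
    return 0;
}
```

On the constructed table, the name-based check empowers the unprivileged account called "root" and ignores the real super-user, while the opt-in check grants nothing until an account is named.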