Subject: Re: setuid ssh
To: Andrew Brown <atatat@atatdot.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-security
Date: 10/18/2000 09:11:23
Cc: Curt Sampson <cjs@cynic.net>,
	Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>,
	tech-security@netbsd.org
In-Reply-To: Message from Andrew Brown <atatat@atatdot.net> 
   of "Tue, 17 Oct 2000 21:36:59 EDT." <20001017213658.A20383@noc.untraceable.net> 
Reply-To: sommerfeld@orchard.arlington.ma.us
Date: Wed, 18 Oct 2000 09:11:23 -0400
Message-Id: <20001018131128.9F5132A2A@orchard.arlington.ma.us>

yay.

.rhosts and .rhosts/rsa must die.

setuid ssh also prevents "runsocks ssh" from working.

(the lack of getaddrinfo support in socks5 also prevents "runsocks
ssh" from working, but I've got patches for the latter around here
somewhere...)

					- Bill