by mail.netbsd.org with SMTP; 18 Oct 2000 20:04:03 -0000
	by antioche.lip6.fr (8.10.1/8.10.1) with ESMTP id e9IK3xv21994;
	Wed, 18 Oct 2000 22:03:59 +0200 (MEST)
	by rochebonne.antioche.eu.org (8.11.0/8.9.3) id e9IIePD00238;
	Wed, 18 Oct 2000 20:40:25 +0200 (MEST)
Date: Wed, 18 Oct 2000 20:40:25 +0200
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Cc: Andrew Brown <atatat@atatdot.net>, Curt Sampson <cjs@cynic.net>,
   Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>,
   tech-security@netbsd.org
Subject: Re: setuid ssh
Message-ID: <20001018204025.A231@antioche.eu.org>
References: <atatat@atatdot.net> <20001018131128.9F5132A2A@orchard.arlington.ma.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20001018131128.9F5132A2A@orchard.arlington.ma.us>; from sommerfeld@orchard.arlington.ma.us on Wed, Oct 18, 2000 at 09:11:23AM -0400

On Wed, Oct 18, 2000 at 09:11:23AM -0400, Bill Sommerfeld wrote:
> yay.
> 
> .rhosts and .rhosts/rsa must die.

I dissagree. .rhosts/rsa is really usefull in my environnment, and as the
users's home directories are on a NFS server I don't really care if it's
secure or not. A hacker could put a RSA key in a user's home directory
as well.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--