Subject: Re: setuid ssh
To: Jason R Thorpe <thorpej@zembu.com>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 10/19/2000 08:52:14
  by mail.netbsd.org with SMTP; 19 Oct 2000 08:33:24 -0000
	Thu, 19 Oct 2000 08:52:14 +0100 (BST)
Date: Thu, 19 Oct 2000 08:52:14 +0100 (BST)
From: David Brownlee <abs@netbsd.org>
To: Jason R Thorpe <thorpej@zembu.com>
cc: matthew green <mrg@eterna.com.au>, <cjs@cynic.net>,
   <tech-security@netbsd.org>
Subject: Re: setuid ssh
In-Reply-To: <20001018223958.E736@dr-evil.shagadelic.org>
Message-ID: <Pine.NEB.4.29.9999.0010190849460.771-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

	How feasible would it be to have a setuid ssh read the config in
	/etc and drop setuid immediately based on a config option there?

	For those who do not want setuid its not a good as it not having
	it, but it may be better than current.

	Just a random thought.

                David/absolute
			       -- www.netbsd.org: A pmap for every occasion --