Subject: Re: setuid ssh
To: Curt Sampson <cjs@cynic.net>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 10/20/2000 14:27:02
Cc: tech-security@netbsd.org,
	Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>,
	Manuel Bouyer <bouyer@antioche.lip6.fr>,
	Andrew Brown <atatat@atatdot.net>, Jason R Thorpe <thorpej@zembu.com>
In-Reply-To: <Pine.NEB.4.21.0010181440492.6544-100000@agnostic.union.cynic.net>
References: <20001018135225.A7705@antioche.lip6.fr>
	<Pine.NEB.4.21.0010181440492.6544-100000@agnostic.union.cynic.net>
Reply-To: woods@weird.com (Greg A. Woods)
Organization: Planix, Inc.; Toronto, Ontario; Canada
Message-Id: <20001020182702.E976D4@proven.weird.com>
Date: Fri, 20 Oct 2000 14:27:02 -0400 (EDT)

[ On Thursday, October 19, 2000 at 08:40:47 (-0400), Curt Sampson wrote: ]
> Subject: Re: setuid ssh
>
> I know that people use rhosts with ssh.

Indeed we do!  (Well actually I use ~/.shosts, but the needs are the
same).

> If you do this, you can
> turn on the setuid bit just as easily as I could change the config
> file. But the standard practice for NetBSD appears to me to be to
> ship in a more secure configuration by default.

There's still ample room for debate on whether or not SUID SSH is in
fact ``insecure'' in any way (except in some site-specific
configurations where the lack of ultimate security is not really SSH's
fault but rather the fault of the way that site's infrastructure has
been designed and implemented).

> If we're going to
> go the other way, you could argue that people do legitimately use
> rsh and thus we should leave shell and login services enabled by
> default in inetd.conf.

There's a *HUMONGOUS* difference between SUID SSH and wide-open
telnet/rsh/rlogin/ftp, etc.!!!!!!!!

Once upon a time there was a variable called SSH_SUID (for the pkgsrc
SSH module).

Why oh why oh why wasn't this poor little creature propagated up to the
system build infrastructure along with SSH!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?

It would seem to answer all the issues presented in this thread and then
some if it were set to some sane default in /etc/mk.conf.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>