Re: SUID program removal
From: Jason Day (jasonday@mediaone.net)Date: 10/19/01
- Previous message: Chris Wilkes: "Re: SSH security"
- In reply to: Johannes B. Ullrich: "Re: SUID program removal"
- Next in thread: Pekka Aleksi Knuutila: "Re: SUID program removal"
- Next in thread: Scott Gifford: "Re: SUID program removal"
- Reply: Pekka Aleksi Knuutila: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Oct 2001 11:47:44 -0400 From: Jason Day <jasonday@mediaone.net> To: "Johannes B. Ullrich" <jullrich@euclidian.com> Subject: Re: SUID program removal Message-ID: <20011019114744.A1335@spiderman.cherlon.com>
On Wed, Oct 17, 2001 at 09:40:08PM -0400, Johannes B. Ullrich wrote:
[snip]
> ssh should stay suid...
> /usr/bin/ssh
Only if you need to use rhosts-based authentication, which you also
recommend against (so would I ;). You can (and should, IMHO) safely remove
the suid bit on ssh, as long as you tell ssh to not use a privileged port,
either by using the -P option, or by setting "UsePrivilegedPort no" in the
ssh config file.
[rest snipped]
-- Jason Day jasonday at http://jasonday.home.att.net mediaone dot net "Of course I'm paranoid, everyone is trying to kill me." -- Weyoun-6, Star Trek: Deep Space 9
- Previous message: Chris Wilkes: "Re: SSH security"
- In reply to: Johannes B. Ullrich: "Re: SUID program removal"
- Next in thread: Pekka Aleksi Knuutila: "Re: SUID program removal"
- Next in thread: Scott Gifford: "Re: SUID program removal"
- Reply: Pekka Aleksi Knuutila: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
