Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3470] Cannot run SSH with a different effective userid
bugzilla-daemon at mindrot
Aug 11, 2022, 5:43 PM
Post #1 of 1 (114 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3470

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #1 from Darren Tucker <dtucker@dtucker.net> ---
In the past, ssh(1) could be installed setuid root (for a couple of
reasons mostly relating to hostbased and rhosts authentication).
Referencing home directories by environment variables under those
conditions would be a potential security problem.

Rhosts auth is long gone, hostbased auth has used a small setuid helper
(ssh-keysign) for many years, and a few years ago (in v7.8) we removed
support for installing ssh as setuid.

So yes there was a reason for it, but that reason is no longer there.
Changing the behaviour would be a potentially incompatible change,
however, so would need to be considered carefully.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal