I'm sure there is a rationale for binding the ssh client to a
privileged port. (Which?)
However there are several drawbacks to this:
o It breaks firewall rules that assume that user connections start at
port > 1024 or > 32768.
o It breaks monitoring software using the same assumptions.
o Every suid program is a separate evil (caused by the flawed security
model in most unices).
I therefore suggest that the distribution ship with no suid.
Anyway, thanks for a great piece of software.
/Ola Sigurdson