Re: getpeereid
This is a discussion on Re: getpeereid within the OpenSSH Development forums, part of the Networking and Network Related category; On Feb 24 07:12, Darren Tucker wrote: > Darren Tucker wrote: > >Corinna Vinschen wrote: > >>? ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-23-2005
|
|||
|
|||
Re: getpeereid
On Feb 24 07:12, Darren Tucker wrote:
> Darren Tucker wrote: > >Corinna Vinschen wrote: > >>? Is there any good reason why root should be able to connect to the > >>ssh-agent of a user? What is that reason? > > > >ssh is setuid root in some configurations (eg for > >RhostsRSAAuthentication, UsePrivilegedPort). > > Hmm, on the other hand, ssh should have dropped privs by that point anyway. > > On the other, other hand, it doesn't buy any additional protection since > all root has to do is "su user -c ssh whatever". > > Maybe it's to allow the use of the agent when someone su's (or sudo's) to > root? The cvs log on ssh-agent.c (rev 1.113) says: > > - markus@cvs.openbsd.org 2002/10/01 20:34:12 > [ssh-agent.c] > allow root to access the agent, since there is no protection from root. Ok, thank you for the explanation. As you might guess, I'm looking if there's any good reason at this point to add a #ifdef HAVE_CYGWIN ;-) Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 10:16 AM.
