Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- F-SECURE /usr/local/sbin/sshd
- all mail refused
December 17, 2003, 9:32 pm
rate this thread
I've seen one installed as -rws--x--x root sys and I hope that's a mistake.
It's version 1.3.6, not that it probably matters.
This has obvious problems with the command-line arguments which include
the selection of config file:
umask 0 && /usr/local/sbin/sshd -f /somewhere/my_sshd_config -p 2222 -q
and stuff in that config file gets used including the creation of the
PidFile of your choice as root, mode 0666. Or the obliteration of some
Also CAN-2001-0144 mentions F-SECURE sharing some problems with other SSH
implementations - no big surprise given the common code origins. What's
the truth of the assertion that they do not suffer from the September 2003
problems ? Any test results available either way ?
Elvis Notargiacomo http://www.sendacow.org.uk/homepage.html
Re: F-SECURE /usr/local/sbin/sshd
I can't see any reason why sshd would need to be setuid. Some versions
of ssh needed to be setuid/setgid as they needed to read private host
keys, so perhaps this was done in error. 0755 (or 0500 if you're
paranoid) would seem right.
Which September 2003 problems are you referring to? CAN-2003-0693?
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum