Subject: Re: evil? sshd patch
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 11/03/1999 08:52:38
Date: Wed, 3 Nov 1999 08:52:38 -0500 (EST)
Message-Id: <199911031352.IAA14915@Twig.Rodents.Montreal.QC.CA>

> I have a simple patch for sshd that allows someone who can RSA
> authenticate as root, to authenticate as anyone.

I like the idea behind this.  But I don't like this particular patch,
because it is not "someone who can RSA authenticate as a super-user",
but rather "someone who can RSA authenticate as whoever `root' is".
This is a gaping security hole waiting to happen to some site whose
local super-user is named something other than root.  (I'd expect you,
as someone in Oz-land, would be aware of this possibility.... :-)

If this were off by default and had to be specifically enabled in the
sshd_config on the remote machine, including specifying the empowering
user name, I'd love it.

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
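
The opt-in design proposed in the message above, written out as an added example that is not from the post or from any sshd source. The keyword `AssumeIdentityUser`, the function names and the sample configurations are hypothetical and constructed for illustration; the check compares against the user name the administrator configured, never a hard-coded `root`.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical keyword invented for this example; not a real sshd option. */
#define KEYWORD "AssumeIdentityUser"

/* Constructed sample configs: feature left off, and enabled for "toor". */
static const char CFG_DEFAULT[] = "Port 22\n# AssumeIdentityUser root\n";
static const char CFG_TOOR[]    = "Port 22\nAssumeIdentityUser toor\n";

/* Scan sshd_config-style text for KEYWORD; copy its argument into out.
 * Returns 1 if the keyword is set, 0 if absent (feature is off by default). */
static int empowering_user(const char *cfg, char *out, size_t outlen)
{
    while (*cfg) {
        char line[256], key[64], val[64];
        const char *eol = strchr(cfg, '\n');
        size_t len = eol ? (size_t)(eol - cfg) : strlen(cfg);
        size_t n = len < sizeof line ? len : sizeof line - 1;
        memcpy(line, cfg, n);
        line[n] = '\0';
        cfg += eol ? len + 1 : len;
        /* Commented-out lines never match: their first token starts with '#'. */
        if (sscanf(line, "%63s %63s", key, val) == 2 &&
            strcasecmp(key, KEYWORD) == 0) {
            snprintf(out, outlen, "%s", val);
            return 1;
        }
    }
    return 0;
}

/* auth_user (already RSA-authenticated) may log in as target if it is their
 * own account, or if the admin explicitly named auth_user in the config. */
static int may_login_as(const char *cfg, const char *auth_user, const char *target)
{
    char boss[64];
    if (strcmp(auth_user, target) == 0)
        return 1;
    if (!empowering_user(cfg, boss, sizeof boss))
        return 0;
    return strcmp(auth_user, boss) == 0;
}

int main(void)
{
    printf("default, root->alice: %d\n", may_login_as(CFG_DEFAULT, "root", "alice"));
    printf("toor cfg, toor->alice: %d\n", may_login_as(CFG_TOOR, "toor", "alice"));
    printf("toor cfg, root->alice: %d\n", may_login_as(CFG_TOOR, "root", "alice"));
    return 0;
}
```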