by redmail.netbsd.org with SMTP; 3 Nov 1999 17:20:17 -0000
	by noc.untraceable.net (8.10.0.Beta6/8.10.0.Beta6/bonk!) id dA3HHug22781;
	Wed, 3 Nov 1999 12:17:56 -0500 (EST)
Date: Wed, 3 Nov 1999 12:17:56 -0500
From: Andrew Brown <atatat@atatdot.net>
To: "Kevin P. Neal" <kpneal@pobox.com>
Cc: tech-security@netbsd.org
Subject: Re: evil? sshd patch
Message-ID: <19991103121756.A22768@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <199911031352.IAA14915@Twig.Rodents.Montreal.QC.CA> <19991103121326.A18372@tome.neutralgood.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <19991103121326.A18372@tome.neutralgood.org>; from kpneal@pobox.com on Wed, Nov 03, 1999 at 12:13:26PM -0500
Return-Receipt-To: receipts@daemon.org
Errors-To: errrors@graffiti.com

>> This is a gaping security hole waiting to happen to some site whose
>> local super-user is named something other than root.  (I'd expect you,
>> as someone in Oz-land, would be aware of this possibility.... :-)
>
>I know a guy who does just this. His 'root' account is named after
>cartoon characters.

well...geez...

-            || (auth_rsa(getpwnam("root"), &n, &sensitive_data.random_state,
+            || (auth_rsa(getpwuid(0), &n, &sensitive_data.random_state,

or do you know someone who changed the root uid as well?  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."