Subject: Re: evil? sshd patch
To: None <tech-security@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 11/03/1999 12:30:19
Date: Wed, 3 Nov 1999 12:30:19 -0500 (EST)
Message-Id: <199911031730.MAA15846@Twig.Rodents.Montreal.QC.CA>

>>> This is a gaping security hole waiting to happen to some site whose
>>> local super-user is named something other than root.
>> I know a guy who does just this.  His 'root' account is named after
>> cartoon characters.

> well...geez...

> -            || (auth_rsa(getpwnam("root"), &n, &sensitive_data.random_state,
> +            || (auth_rsa(getpwuid(0), &n, &sensitive_data.random_state,
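
Review bot: On the + line, the result of getpwuid(0) goes straight into auth_rsa() with no NULL check visible in this hunk, and getpwuid() returns NULL when no entry matches. Where several passwd entries share UID 0, the lookup also returns only one of them, so the line does not determine whose keys are consulted. Suggest doing the lookup once, failing closed on NULL before the call, and taking the account from configuration instead of hard-coding either "root" or UID 0.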

But which uid-0 account do you get?  (Actually, I suppose it doesn't
much matter; all Ylonen-derived sshes I know of are already severely
broken in the presence of multiple passwd entries with a single UID.
Their response to my bug report was basically "don't do that".)

I'd still rather see this specified in sshd_config (including the magic
user's name), disabled by default.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
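
Added example, not part of the original message and not sshd code: a small C audit that counts passwd-format entries sharing one UID and reports which name a first-match lookup would return, the ambiguity raised above for getpwuid(0). The helper name uid_entries, the sample data and the first-match behaviour are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) layout: two accounts share UID 0. */
static const char SAMPLE_PASSWD[] =
    "root:*:0:0:Charlie Root:/root:/bin/sh\n"
    "toor:*:0:0:Bourne-again Superuser:/root:/bin/sh\n"
    "alice:*:1000:100:Alice:/home/alice:/bin/sh\n";

/*
 * Hypothetical helper: count entries whose UID field equals uid and copy
 * the first matching login name into first. "First match" is an assumption
 * modelling a flat-file lookup. Lines with missing fields or a non-numeric
 * UID are skipped.
 */
static int uid_entries(const char *text, long uid, char *first, size_t len)
{
    int count = 0;
    if (len > 0) first[0] = '\0';
    for (const char *line = text; *line != '\0'; ) {
        const char *eol = strchr(line, '\n');
        size_t n = eol ? (size_t)(eol - line) : strlen(line);
        const char *c1 = memchr(line, ':', n);
        const char *c2 = c1 ? memchr(c1 + 1, ':', n - (size_t)(c1 + 1 - line)) : NULL;
        char *end;
        /* UID field must start with a digit and end at the next colon. */
        if (c2 && isdigit((unsigned char)c2[1]) &&
            strtol(c2 + 1, &end, 10) == uid && *end == ':') {
            if (count++ == 0 && len > 0) {
                size_t k = (size_t)(c1 - line);
                if (k >= len) k = len - 1;
                memcpy(first, line, k);
                first[k] = '\0';
            }
        }
        line = eol ? eol + 1 : line + n;
    }
    return count;
}

int main(void)
{
    char name[64];
    int n = uid_entries(SAMPLE_PASSWD, 0, name, sizeof name);
    printf("%d entries with UID 0; first match is \"%s\"\n", n, name);
    return 0;
}
```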