Subject: Re: evil? sshd patch
To: None <tech-security@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 11/03/1999 18:19:02
Message-Id: <199911032319.SAA17261@Twig.Rodents.Montreal.QC.CA>

>> I may have multiple superuser logins, some of which are captive in
>> various ways;

> root is root (meaning uid zero here, of course). root cannot be made
> a captive. unless you've done something that you haven't told us
> about.

It's easy enough; just give the login a "shell" that allows only
certain actions. Some automated backup setups work this way, for
example.

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
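
The following is an added illustration, not part of der Mouse's message: a minimal captive login "shell" of the kind the reply describes, for a uid-0 backup account. The installed name `captive-backup`, the request names `dump-root` and `dump-usr`, and the `dump` invocation are assumptions chosen for the sketch.

```sh
#!/bin/sh
# Captive "shell" for a backup-only login (added example; names are assumptions).
# Set as the account's login shell. login(1) starts it with no arguments;
# sshd runs a remote command as:  <shell> -c '<request>'

# Map a request string to the one filesystem it may dump.
# The request is only compared as a literal string, never evaluated or
# word-split, so shell metacharacters in it have no effect.
captive_action() {
    case "$1" in
        dump-root) echo / ;;
        dump-usr)  echo /usr ;;
        *)         return 1 ;;
    esac
}

captive_main() {
    # Anything other than exactly "-c <request>" is refused, which includes
    # an interactive login: there is no prompt to break out of.
    if [ "$#" -ne 2 ] || [ "$1" != "-c" ]; then
        echo "captive account: interactive login refused" >&2
        exit 1
    fi
    fs=$(captive_action "$2") || {
        echo "captive account: request refused" >&2
        exit 1
    }
    # Fixed PATH and a fixed argv: the client chooses only which entry runs.
    PATH=/sbin:/bin:/usr/bin
    export PATH
    exec /sbin/dump -0 -f - "$fs"
}

# Run only when invoked under the installed name (login shells may get a
# leading "-" in argv[0]); this lets the functions be sourced for testing.
case "${0##*/}" in
    captive-backup|-captive-backup) captive_main "$@" ;;
esac
```
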