Hi,
By default the configure script has this option enabled:
--enable-suid-ssh
Could it be disabled by default in the case where openSSH is not
installed by root?
I'm in the peculiar situation where I had to install OpenSSH as a
regular user to be able to connect to outside machines. I've built
OpenSHH without specifying "--disable-suid-ssh":
$ /usr/ucb/whoami
papadopo
$ ls -l /usr/local/openssh-3.1p1/bin/ssh /usr/local/openssh-3.2.3p1/bin/ssh
-rws--x--x 1 Plocal Glocal 1332064 Mar 8 14:03
/usr/local/openssh-3.1p1/bin/ssh
-rws--x--x 1 Plocal Glocal 1379020 May 24 11:29
/usr/local/openssh-3.2.3p1/bin/ssh
$
As you can see the set-ID bit is set for OpenSSH 3.1p1 and
OpenSSH 3.2.3p1. The problem is that the user/group Plocal/Glocal
under which OpenSSH is installed is a special user. I can log to
this user without password through NIS mechanisms, for reasons beyond
my reach.
The result is that OpenSSH will ignore my personal config file.
If I reset the set-ID bit of ssh, the config file is taken into
account again.
I do agree this is really a peculiar installation. However I would
suggest that the set-ID bit is not set when the installer is not
root, if at all possible.
Best Regards,
Dimitri
