Bug#911974: openssh-client: please avoid shipping setuid ssh-keysign by default
Package: openssh-client
Version: 1:7.9p1-1
Severity: wishlist
/usr/lib/openssh/ssh-keysign is one of only a few setuid programs left
on a modern system. It looks like it is *probably* relatively safe --
not enabled by default due to configurations set in
/etc/ssh/ssh_config, checking that config file early before doing much
else, etc.
however, i suspect that this file isn't used at all by most people
(host-based authentication is generally discouraged), and those admins
that do require it can probably install a separate package, or answer
a non-default debconf question, or something comparable that doesn't
leave a setuid binary on most installations.
Reducing the setuid attack surface would be nice!
--dkg
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-client depends on:
ii adduser 3.118
ii dpkg 1.19.2
ii libc6 2.27-6
ii libedit2 3.1-20180525-1
ii libgssapi-krb5-2 1.16.1-1
ii libselinux1 2.8-1+b1
ii libssl1.1 1.1.1-1
ii passwd 1:4.5-1.1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.10-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
ii monkeysphere 0.42-2
ii ssh-askpass 1:1.2.4.1-10
-- Configuration Files:
/etc/ssh/ssh_config changed [not included]
-- no debconf information
Reply to: