Disable /usr/bin/ssh being setuid root by default. Let the variable

ENABLE_SUID_SSH being defined reenable it for those that want it. This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example). Submitted by: jedgar
svn path=/head/; revision=68705
2000-11-14 04:42:25 +00:00 · 2000-11-14 04:42:25 +00:00 · 087815f8bc · 2020-12-20 02:59:44 +00:00
commit 087815f8bc
parent 03e72be8c8
3 changed files with 8 additions and 0 deletions
--- a/etc/defaults/make.conf
+++ b/etc/defaults/make.conf
@ -57,6 +57,9 @@ BDECFLAGS=	-W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
 # To build ppp with normal permissions
 #PPP_NOSUID=	true
 #
+# To enable installing ssh(1) with the setuid bit turned on
+#ENABLE_SUID_SSH=	true
+#
 # To avoid building various parts of the base system:
 #NO_CVS=	true	# do not build CVS
 #NO_BIND=	true	# do not build BIND
--- a/secure/usr.bin/ssh/Makefile
+++ b/secure/usr.bin/ssh/Makefile
@ -5,7 +5,9 @@ SSHSRC=	${.CURDIR}/../../../crypto/openssh

 PROG=	ssh
 BINOWN=	root
+.if defined(ENABLE_SUID_SSH)
 BINMODE=4555
+.endif
 MAN1=	ssh.1
 LINKS=	${BINDIR}/ssh ${BINDIR}/slogin
 MLINKS=	ssh.1 slogin.1
--- a/share/examples/etc/make.conf
+++ b/share/examples/etc/make.conf
@ -57,6 +57,9 @@ BDECFLAGS=	-W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
 # To build ppp with normal permissions
 #PPP_NOSUID=	true
 #
+# To enable installing ssh(1) with the setuid bit turned on
+#ENABLE_SUID_SSH=	true
+#
 # To avoid building various parts of the base system:
 #NO_CVS=	true	# do not build CVS
 #NO_BIND=	true	# do not build BIND