Re: security limitation for RSAAuthentication with StrictModes

[coxa () cableol net (Alan Cox)]

mhpower () MIT EDU wrote:

>   Debian Linux, including version 1.1, and specifically including
>   versions 1.1.0-13 and 1.1.0-14 of the "base" package. Check
>   /etc/passwd for:  nobody:*:65534:65534:nobody:/tmp:/bin/sh
>
>   SunOS versions outside of the Solaris 2.x series, including SunOS
>   4.1.4. Check /etc/passwd for:  uucp:*:4:8::/var/spool/uucppublic:

These should also be fixed because there are other tools that don't
check ownership and rules (like fingerd). True ssh should have
yelled about the problem and refused to log you in, also true nobody
should have shipped such an elementary mistake

Alan