===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- src/usr.bin/ssh/ssh.c	1999/11/14 21:45:07	1.29
+++ src/usr.bin/ssh/ssh.c	1999/11/15 21:05:03	1.30
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.29 1999/11/14 21:45:07 markus Exp $");
+RCSID("$Id: ssh.c,v 1.30 1999/11/15 21:05:03 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -550,6 +550,13 @@
      them.  Also, extra privileges could make it very hard to read identity
      files and other non-world-readable files from the user's home directory
      if it happens to be on a NFS volume where root is mapped to nobody. */
+
+  /* Note that some legacy systems need to postpone the following call to
+     permanently_set_uid() until the private hostkey is destroyed with
+     RSA_free().  Otherwise the calling user could ptrace() the process,
+     read the private hostkey and impersonate the host.  OpenBSD does not
+     allow ptracing of setuid processes. */
+
   permanently_set_uid(original_real_uid);
 
   /* Now that we are back to our own permissions, create ~/.ssh directory