summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:13 +0000
committerColin Watson <cjwatson@debian.org>2015-11-29 17:36:19 +0000
commit76ec1a4c34296f1485ce98e301a3d35c9779c2ea (patch)
treee79371f7dc0abc4e12d1bd8e14f76a7d7d62c63f
parentfc8c21a1b1b6710b2b41a8daef56d00bfb19885d (diff)
Document consequences of ssh-agent being setgid in ssh-agent(1)
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
-rw-r--r--ssh-agent.115
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index d0aa712f1..2a940d9ff 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -186,6 +186,21 @@ environment variable holds the agent's process ID.
186.Pp 186.Pp
187The agent exits automatically when the command given on the command 187The agent exits automatically when the command given on the command
188line terminates. 188line terminates.
189.Pp
190In Debian,
191.Nm
192is installed with the set-group-id bit set, to prevent
193.Xr ptrace 2
194attacks retrieving private key material.
195This has the side-effect of causing the run-time linker to remove certain
196environment variables which might have security implications for set-id
197programs, including
198.Ev LD_PRELOAD ,
199.Ev LD_LIBRARY_PATH ,
200and
201.Ev TMPDIR .
202If you need to set any of these environment variables, you will need to do
203so in the program executed by ssh-agent.
189.Sh FILES 204.Sh FILES
190.Bl -tag -width Ds 205.Bl -tag -width Ds
191.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt 206.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt