diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:13 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-06-05 13:11:53 +0100 |
commit | 9e040aefaefa40bcbe5dcdc0f9f03555cf8fe2d0 (patch) | |
tree | 80ddfa3d77b602eacf84c86d4190034d48e1ee42 | |
parent | 099b0bdc57b9a21842c457d83ff9488fa814c9c4 (diff) |
Document consequences of ssh-agent being setgid in ssh-agent(1)
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2013-06-08
Patch-Name: ssh-agent-setgid.patch
-rw-r--r-- | ssh-agent.1 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1 index 83b2b41c8..7230704a3 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -206,6 +206,21 @@ environment variable holds the agent's process ID. | |||
206 | .Pp | 206 | .Pp |
207 | The agent exits automatically when the command given on the command | 207 | The agent exits automatically when the command given on the command |
208 | line terminates. | 208 | line terminates. |
209 | .Pp | ||
210 | In Debian, | ||
211 | .Nm | ||
212 | is installed with the set-group-id bit set, to prevent | ||
213 | .Xr ptrace 2 | ||
214 | attacks retrieving private key material. | ||
215 | This has the side-effect of causing the run-time linker to remove certain | ||
216 | environment variables which might have security implications for set-id | ||
217 | programs, including | ||
218 | .Ev LD_PRELOAD , | ||
219 | .Ev LD_LIBRARY_PATH , | ||
220 | and | ||
221 | .Ev TMPDIR . | ||
222 | If you need to set any of these environment variables, you will need to do | ||
223 | so in the program executed by ssh-agent. | ||
209 | .Sh FILES | 224 | .Sh FILES |
210 | .Bl -tag -width Ds | 225 | .Bl -tag -width Ds |
211 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> | 226 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> |