summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:13 +0000
committerColin Watson <cjwatson@debian.org>2016-01-14 15:07:37 +0000
commit7566d3563c174cc339da8b72833e66614cfc1458 (patch)
tree5df2c7b2b40e065d530a87abf8dbdb8024abb21a
parent17063f049ca0f00cb455eed0852405bc9abe6213 (diff)
Document consequences of ssh-agent being setgid in ssh-agent(1)
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
-rw-r--r--ssh-agent.115
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index d0aa712f1..2a940d9ff 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -186,6 +186,21 @@ environment variable holds the agent's process ID.
186.Pp 186.Pp
187The agent exits automatically when the command given on the command 187The agent exits automatically when the command given on the command
188line terminates. 188line terminates.
189.Pp
190In Debian,
191.Nm
192is installed with the set-group-id bit set, to prevent
193.Xr ptrace 2
194attacks retrieving private key material.
195This has the side-effect of causing the run-time linker to remove certain
196environment variables which might have security implications for set-id
197programs, including
198.Ev LD_PRELOAD ,
199.Ev LD_LIBRARY_PATH ,
200and
201.Ev TMPDIR .
202If you need to set any of these environment variables, you will need to do
203so in the program executed by ssh-agent.
189.Sh FILES 204.Sh FILES
190.Bl -tag -width Ds 205.Bl -tag -width Ds
191.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt 206.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt