author Colin Watson <cjwatson@debian.org> 2014-02-09 16:10:13 +0000
committer Colin Watson <cjwatson@debian.org> 2016-12-28 20:05:07 +0000
commit 76b2e45116ded18137a30406cf5f22b11b9feeab (patch)
tree 1262f5718cab5546869383998099b0e74dd9ad00
parent 1bf9a6bfb80250544b8ff1d50c94a4c851d9fb2e (diff)
Document consequences of ssh-agent being setgid in ssh-agent(1)
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2013-06-08
Patch-Name: ssh-agent-setgid.patch
-rw-r--r-- ssh-agent.1 15
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index 83b2b41c8..7230704a3 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -206,6 +206,21 @@ environment variable holds the agent's process ID.
206.Pp 206.Pp
207The agent exits automatically when the command given on the command 207The agent exits automatically when the command given on the command
208line terminates. 208line terminates.
209.Pp
210In Debian,
211.Nm
212is installed with the set-group-id bit set, to prevent
213.Xr ptrace 2
214attacks retrieving private key material.
215This has the side-effect of causing the run-time linker to remove certain
216environment variables which might have security implications for set-id
217programs, including
218.Ev LD_PRELOAD ,
219.Ev LD_LIBRARY_PATH ,
220and
221.Ev TMPDIR .
222If you need to set any of these environment variables, you will need to do
223so in the program executed by ssh-agent.
209.Sh FILES 224.Sh FILES
210.Bl -tag -width Ds 225.Bl -tag -width Ds
211.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> 226.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
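Review bot: The added paragraph states that the run-time linker removes TMPDIR from the agent's environment (new lines 215-221), yet the FILES entry in the trailing context still gives the socket path as `$TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>`, so on Debian the page now reads inconsistently about where the socket is created. Suggest adding a sentence here, or a note on the FILES entry, saying that a TMPDIR set by the caller is not seen by the set-group-id agent. The workaround sentence (new lines 222-223) is also ambiguous: "the program executed by ssh-agent" presumably means the command passed on the command line, and saying so explicitly, with a note that this helps for variables the child needs but not for ones the agent itself would read, would avoid confusion. Style point: the last added line spells out "ssh-agent" where the start of the paragraph uses `.Nm`; ending with "so in the program executed by" followed by `.Nm .` would match. Since the variable list is introduced with "including" and names only three, a cross-reference to the run-time linker's manual page would help readers whose variable is not listed.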