diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:13 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-01-04 15:07:01 +0000 |
commit | 0f29b62fb2529bd6341dae7bea1271f5b967ece0 (patch) | |
tree | 9c976ac2b3f72c7f5d330d73cd15bd8ca3b245b1 /ssh-agent.1 | |
parent | 5e6ecf32f56fa0c7d102239b74ae09bd4186c5a3 (diff) |
Document consequences of ssh-agent being setgid in ssh-agent(1)
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2013-06-08
Patch-Name: ssh-agent-setgid.patch
Diffstat (limited to 'ssh-agent.1')
-rw-r--r-- | ssh-agent.1 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1 index d0aa712f1..2a940d9ff 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -186,6 +186,21 @@ environment variable holds the agent's process ID. | |||
186 | .Pp | 186 | .Pp |
187 | The agent exits automatically when the command given on the command | 187 | The agent exits automatically when the command given on the command |
188 | line terminates. | 188 | line terminates. |
189 | .Pp | ||
190 | In Debian, | ||
191 | .Nm | ||
192 | is installed with the set-group-id bit set, to prevent | ||
193 | .Xr ptrace 2 | ||
194 | attacks retrieving private key material. | ||
195 | This has the side-effect of causing the run-time linker to remove certain | ||
196 | environment variables which might have security implications for set-id | ||
197 | programs, including | ||
198 | .Ev LD_PRELOAD , | ||
199 | .Ev LD_LIBRARY_PATH , | ||
200 | and | ||
201 | .Ev TMPDIR . | ||
202 | If you need to set any of these environment variables, you will need to do | ||
203 | so in the program executed by ssh-agent. | ||
189 | .Sh FILES | 204 | .Sh FILES |
190 | .Bl -tag -width Ds | 205 | .Bl -tag -width Ds |
191 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt | 206 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |