author Colin Watson <cjwatson@debian.org> 2013-06-08 22:18:07 +0100
committer Colin Watson <cjwatson@debian.org> 2013-06-08 22:18:07 +0100
commit 074489e1e6e97c75d87750035dbaf8c693e9736e
tree 838e11a456ea7152c71417acd2c71060dc6c7707 /ssh-agent.1
parent 04603e44daf10700cc3d987e4119efd9a30bb259
Document consequences of ssh-agent being setgid in ssh-agent(1); see
#711623.
Diffstat (limited to 'ssh-agent.1')
-rw-r--r-- ssh-agent.1 15
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index bb801c902..d370531bb 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -182,6 +182,21 @@ environment variable holds the agent's process ID.
182.Pp 182.Pp
183The agent exits automatically when the command given on the command 183The agent exits automatically when the command given on the command
184line terminates. 184line terminates.
185.Pp
186In Debian,
187.Nm
188is installed with the set-group-id bit set, to prevent
189.Xr ptrace 2
190attacks retrieving private key material.
191This has the side-effect of causing the run-time linker to remove certain
192environment variables which might have security implications for set-id
193programs, including
194.Ev LD_PRELOAD ,
195.Ev LD_LIBRARY_PATH ,
196and
197.Ev TMPDIR .
198If you need to set any of these environment variables, you will need to do
199so in the program executed by ssh-agent.
185.Sh FILES 200.Sh FILES
186.Bl -tag -width Ds 201.Bl -tag -width Ds
187.It Pa ~/.ssh/identity 202.It Pa ~/.ssh/identity
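Review bot: The last sentence of the added paragraph (new lines 198-199) names the program literally as "ssh-agent", while the start of the paragraph uses the .Nm macro; use .Nm there as well so the name is rendered consistently, ending the sentence with "so in the program executed by" followed by a ".Nm ." line. The variable list is introduced with "including", so it is not exhaustive; a ".Xr ld.so 8" cross-reference would tell readers where the full set of variables removed for set-id programs is documented. The advice also assumes the agent was started with a command, as in the context line above about "the command given on the command line"; the paragraph should say what applies when no command is given.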