diff options
-rw-r--r-- | ssh-agent.1 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1 index 6759afec3..25de326b4 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -181,6 +181,21 @@ environment variable holds the agent's process ID. | |||
181 | .Pp | 181 | .Pp |
182 | The agent exits automatically when the command given on the command | 182 | The agent exits automatically when the command given on the command |
183 | line terminates. | 183 | line terminates. |
184 | .Pp | ||
185 | In Debian, | ||
186 | .Nm | ||
187 | is installed with the set-group-id bit set, to prevent | ||
188 | .Xr ptrace 2 | ||
189 | attacks retrieving private key material. | ||
190 | This has the side-effect of causing the run-time linker to remove certain | ||
191 | environment variables which might have security implications for set-id | ||
192 | programs, including | ||
193 | .Ev LD_PRELOAD , | ||
194 | .Ev LD_LIBRARY_PATH , | ||
195 | and | ||
196 | .Ev TMPDIR . | ||
197 | If you need to set any of these environment variables, you will need to do | ||
198 | so in the program executed by ssh-agent. | ||
184 | .Sh FILES | 199 | .Sh FILES |
185 | .Bl -tag -width Ds | 200 | .Bl -tag -width Ds |
186 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt | 201 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |