1 files changed, 40 insertions, 0 deletions
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
new file mode 100644
index 000000000..e7849e6c3
--- /dev/null
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,40 @@
+From ad09303388f0172ab6e028aaf27d87cf873d123d Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 9 Feb 2014 16:10:13 +0000
+Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
+Bug-Debian: http://bugs.debian.org/711623
+Forwarded: no
+Last-Update: 2020-02-21
+Patch-Name: ssh-agent-setgid.patch
+---
+ ssh-agent.1 | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index fff0db6bc..99e4f6d2e 100644
+--- a/ssh-agent.1
+++ b/ssh-agent.1
+@@ -201,6 +201,21 @@ socket and stores its pathname in this variable.
+ It is accessible only to the current user,
+ but is easily abused by root or another instance of the same user.
+ .El
+.Pp
+In Debian,
+.Nm
+is installed with the set-group-id bit set, to prevent
+.Xr ptrace 2
+attacks retrieving private key material.
+This has the side-effect of causing the run-time linker to remove certain
+environment variables which might have security implications for set-id
+programs, including
+.Ev LD_PRELOAD ,
+.Ev LD_LIBRARY_PATH ,
+and
+.Ev TMPDIR .
+If you need to set any of these environment variables, you will need to do
+so in the program executed by ssh-agent.
+ .Sh FILES
+ .Bl -tag -width Ds
+ .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>

diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch new file mode 100644 index 000000000..e7849e6c3 --- /dev/null +++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,40 @@
	1	From ad09303388f0172ab6e028aaf27d87cf873d123d Mon Sep 17 00:00:00 2001
	2	From: Colin Watson <cjwatson@debian.org>
	3	Date: Sun, 9 Feb 2014 16:10:13 +0000
	4	Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
	5
	6	Bug-Debian: http://bugs.debian.org/711623
	7	Forwarded: no
	8	Last-Update: 2020-02-21
	9
	10	Patch-Name: ssh-agent-setgid.patch
	11	---
	12	ssh-agent.1 \| 15 +++++++++++++++
	13	1 file changed, 15 insertions(+)
	14
	15	diff --git a/ssh-agent.1 b/ssh-agent.1
	16	index fff0db6bc..99e4f6d2e 100644
	17	--- a/ssh-agent.1
	18	+++ b/ssh-agent.1
	19	@@ -201,6 +201,21 @@ socket and stores its pathname in this variable.
	20	It is accessible only to the current user,
	21	but is easily abused by root or another instance of the same user.
	22	.El
	23	+.Pp
	24	+In Debian,
	25	+.Nm
	26	+is installed with the set-group-id bit set, to prevent
	27	+.Xr ptrace 2
	28	+attacks retrieving private key material.
	29	+This has the side-effect of causing the run-time linker to remove certain
	30	+environment variables which might have security implications for set-id
	31	+programs, including
	32	+.Ev LD_PRELOAD ,
	33	+.Ev LD_LIBRARY_PATH ,
	34	+and
	35	+.Ev TMPDIR .
	36	+If you need to set any of these environment variables, you will need to do
	37	+so in the program executed by ssh-agent.
	38	.Sh FILES
	39	.Bl -tag -width Ds
	40	.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>