1 files changed, 40 insertions, 0 deletions
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
new file mode 100644
index 000000000..5d7a6c0fb
--- /dev/null
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,40 @@
+From 7a305ed4a0cba43d0d1bc6ebf5737521a0854a9d Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 9 Feb 2014 16:10:13 +0000
+Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
+Bug-Debian: http://bugs.debian.org/711623
+Forwarded: no
+Last-Update: 2020-02-21
+Patch-Name: ssh-agent-setgid.patch
+---
+ ssh-agent.1 | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index 2cf46160b..272da79b3 100644
+--- a/ssh-agent.1
+++ b/ssh-agent.1
+@@ -206,6 +206,21 @@ socket and stores its pathname in this variable.
+ It is accessible only to the current user,
+ but is easily abused by root or another instance of the same user.
+ .El
+.Pp
+In Debian,
+.Nm
+is installed with the set-group-id bit set, to prevent
+.Xr ptrace 2
+attacks retrieving private key material.
+This has the side-effect of causing the run-time linker to remove certain
+environment variables which might have security implications for set-id
+programs, including
+.Ev LD_PRELOAD ,
+.Ev LD_LIBRARY_PATH ,
+and
+.Ev TMPDIR .
+If you need to set any of these environment variables, you will need to do
+so in the program executed by ssh-agent.
+ .Sh FILES
+ .Bl -tag -width Ds
+ .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>

diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch new file mode 100644 index 000000000..5d7a6c0fb --- /dev/null +++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,40 @@
	1	From 7a305ed4a0cba43d0d1bc6ebf5737521a0854a9d Mon Sep 17 00:00:00 2001
	2	From: Colin Watson <cjwatson@debian.org>
	3	Date: Sun, 9 Feb 2014 16:10:13 +0000
	4	Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
	5
	6	Bug-Debian: http://bugs.debian.org/711623
	7	Forwarded: no
	8	Last-Update: 2020-02-21
	9
	10	Patch-Name: ssh-agent-setgid.patch
	11	---
	12	ssh-agent.1 \| 15 +++++++++++++++
	13	1 file changed, 15 insertions(+)
	14
	15	diff --git a/ssh-agent.1 b/ssh-agent.1
	16	index 2cf46160b..272da79b3 100644
	17	--- a/ssh-agent.1
	18	+++ b/ssh-agent.1
	19	@@ -206,6 +206,21 @@ socket and stores its pathname in this variable.
	20	It is accessible only to the current user,
	21	but is easily abused by root or another instance of the same user.
	22	.El
	23	+.Pp
	24	+In Debian,
	25	+.Nm
	26	+is installed with the set-group-id bit set, to prevent
	27	+.Xr ptrace 2
	28	+attacks retrieving private key material.
	29	+This has the side-effect of causing the run-time linker to remove certain
	30	+environment variables which might have security implications for set-id
	31	+programs, including
	32	+.Ev LD_PRELOAD ,
	33	+.Ev LD_LIBRARY_PATH ,
	34	+and
	35	+.Ev TMPDIR .
	36	+If you need to set any of these environment variables, you will need to do
	37	+so in the program executed by ssh-agent.
	38	.Sh FILES
	39	.Bl -tag -width Ds
	40	.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>