Diffstat (limited to 'debian/patches')
-rw-r--r-- debian/patches/series | 1
-rw-r--r-- debian/patches/ssh-agent-setgid.patch | 32
2 files changed, 33 insertions, 0 deletions
diff --git a/debian/patches/series b/debian/patches/series
index 6d6020805..c99a496b5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -41,6 +41,7 @@ openbsd-docs.patch
41ssh-argv0.patch 41ssh-argv0.patch
42doc-hash-tab-completion.patch 42doc-hash-tab-completion.patch
43doc-upstart.patch 43doc-upstart.patch
44ssh-agent-setgid.patch
44 45
45# Debian-specific configuration 46# Debian-specific configuration
46gnome-ssh-askpass2-icon.patch 47gnome-ssh-askpass2-icon.patch
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
new file mode 100644
index 000000000..7e909a165
--- /dev/null
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,32 @@
1Description: Document consequences of ssh-agent being setgid in ssh-agent(1)
2Author: Colin Watson <cjwatson@debian.org>
3Bug-Debian: http://bugs.debian.org/711623
4Forwarded: no
5Last-Update: 2013-06-08
6
7Index: b/ssh-agent.1
8===================================================================
9--- a/ssh-agent.1
10+++ b/ssh-agent.1
11@@ -182,6 +182,21 @@
12 .Pp
13 The agent exits automatically when the command given on the command
14 line terminates.
15+.Pp
16+In Debian,
17+.Nm
18+is installed with the set-group-id bit set, to prevent
19+.Xr ptrace 2
20+attacks retrieving private key material.
21+This has the side-effect of causing the run-time linker to remove certain
22+environment variables which might have security implications for set-id
23+programs, including
24+.Ev LD_PRELOAD ,
25+.Ev LD_LIBRARY_PATH ,
26+and
27+.Ev TMPDIR .
28+If you need to set any of these environment variables, you will need to do
29+so in the program executed by ssh-agent.
30 .Sh FILES
31 .Bl -tag -width Ds
32 .It Pa ~/.ssh/identity
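Review bot: The closing sentence of the added paragraph (patch lines 28-29, "so in the program executed by ssh-agent.") spells the program name literally, while the start of the same paragraph uses the .Nm macro; use .Nm there as well so the name renders consistently. That sentence also only tells the reader how to set the variables for the command the agent runs. It does not state that the agent process itself runs without LD_PRELOAD, LD_LIBRARY_PATH and TMPDIR, and since TMPDIR is in the list, a reader who sets it expecting the agent to honour it gets no guidance; one explicit sentence saying the agent does not see these variables would close that gap. Minor: "side-effect" reads better as "side effect" in running text, and the Bug-Debian header uses an http URL where https would do.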