Description: Document consequences of ssh-agent being setgid in ssh-agent(1) Author: Colin Watson Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Index: b/ssh-agent.1 =================================================================== --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -182,6 +182,21 @@ .Pp The agent exits automatically when the command given on the command line terminates. +.Pp +In Debian, +.Nm +is installed with the set-group-id bit set, to prevent +.Xr ptrace 2 +attacks retrieving private key material. +This has the side-effect of causing the run-time linker to remove certain +environment variables which might have security implications for set-id +programs, including +.Ev LD_PRELOAD , +.Ev LD_LIBRARY_PATH , +and +.Ev TMPDIR . +If you need to set any of these environment variables, you will need to do +so in the program executed by ssh-agent. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/identity
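Review bot: The last added sentence ("If you need to set any of these environment variables, you will need to do so in the program executed by ssh-agent.") spells the program name literally, while the opening of the same paragraph uses the .Nm macro; use .Nm there as well so the name renders consistently. That sentence also ties the workaround to the command form described in the context line just above the addition ("The agent exits automatically when the command given on the command line terminates."), so it would help to say so explicitly, and to state that the variables are removed from the agent's environment and therefore have to be set again by the command it runs, for example in a wrapper script. Because the list is introduced with "including", consider pointing readers to the run-time linker's own documentation for the full set of variables that are removed. Minor: "side-effect" is normally written "side effect".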