blob: 7e909a1657e566f9da91f0fee0976651f759a216
Description: Document consequences of ssh-agent being setgid in ssh-agent(1)
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2013-06-08
Index: b/ssh-agent.1
===================================================================
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -182,6 +182,21 @@
.Pp
The agent exits automatically when the command given on the command
line terminates.
+.Pp
+In Debian,
+.Nm
+is installed with the set-group-id bit set, to prevent
+.Xr ptrace 2
+attacks retrieving private key material.
+This has the side-effect of causing the run-time linker to remove certain
+environment variables which might have security implications for set-id
+programs, including
+.Ev LD_PRELOAD ,
+.Ev LD_LIBRARY_PATH ,
+and
+.Ev TMPDIR .
+If you need to set any of these environment variables, you will need to do
+so in the program executed by ssh-agent.
.Sh FILES
.Bl -tag -width Ds
.It Pa ~/.ssh/identity
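Review bot: the closing sentence of the added paragraph ("so in the program executed by ssh-agent") gives a workaround that only applies when the agent is started with a command, which is the mode the preceding context line describes; it leaves a reader who starts the agent without a command and needs LD_LIBRARY_PATH or TMPDIR with no guidance, so either say that the variables cannot be passed to the agent itself in that mode or state what to do instead. The same sentence spells the program name literally where the start of the paragraph uses .Nm, so use .Nm there for consistency. Since the variable list is introduced with "including" and is not exhaustive, a .Xr reference to ld.so 8 after the list would let readers find the full set the run-time linker removes.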