On Tue, Jan 30, 2001 at 12:14:07PM +1100, Herbert Xu wrote: > > In that case, make ssh-agent setuid a new user who owns /var/run/ssh. > Then ssh-agent can create a directory under it for the user invoking > it and make it owned by that user. The rest is trivial. sorry but this is nuts, ssh-agent is not written to be a set[ug]id program, making it setuid would be dangerous. it probably would not even function correctly. other then that all this accomplishes is giving the user evem more write permission to /var then they already have. this is Bad Thing IMNSHO. the set[ug]id bit has been an endless source of security problems forever, it should be used only when *absolutely necessary* and ssh-agent does not even close to qualify as being absolutely necessary. The FHS is broken, fix the FHS. this also ignores the fact that gnome and whatnot have several programs making use of sockets, do you propose we make all those setuid as well? -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpcHylhpyYEo.pgp
Description: PGP signature