
Re: The keychain package, its debconf templates, the security hole induced

On Fri, Jan 21, 2005 at 10:22:02AM +0100, Martin Quinson wrote:
> A closer check of the package reveals that it's only useful if you want to
> open a security risk on your machine. All info relative to the ssh-agent
> is written into a well known file, allowing cron jobs and attackers to use
> it without prior knowledge of your passwords.

This has no security impact whatsoever. ssh-agent creates its socket
directory mode 700; if you can write to the socket, you can also read
the environment variables necessary to talk to the agent out of the
output of 'ps xwwwe' (or even just go and have a look through /tmp), and
if you can't write to the socket, then there is no concern. Do not ever
rely on the extremely minor obscurity provided by not having the socket
path right in front of any attacker.

> Dudes. There is a reason why that information is not written to a file by
> ssh itself.

That reason is not for security purposes; it's simpler to pass them
round in the environment, that's all. The fact that the location of the
authentication socket is passed in the environment is NOT a defence of
ANY KIND; if you are relying on this for any kind of security whatsoever
then you should rethink your own security design.


Colin Watson                                       [cjwatson@debian.org]
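
The reply's argument is that access to the agent is decided by ownership and mode of the socket and its directory, not by whether the path is known. The following Python check is an added example, not part of the original message or of the keychain package; the function names and the throwaway demo socket are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

# Added illustration: names below are hypothetical, not from ssh-agent or keychain.
def audit_agent_socket(sock_path, uid=None):
    """Return a list of permission problems for an agent socket; empty means OK."""
    uid = os.getuid() if uid is None else uid
    findings = []
    parent = os.path.dirname(os.path.abspath(sock_path))
    d = os.lstat(parent)  # lstat: do not follow a symlinked directory
    if not stat.S_ISDIR(d.st_mode):
        findings.append(f"{parent}: not a real directory (symlink?)")
    if d.st_uid != uid:
        findings.append(f"{parent}: owned by uid {d.st_uid}, expected {uid}")
    if d.st_mode & 0o077:  # any group/other bit lets someone else reach the socket
        findings.append(f"{parent}: mode {stat.S_IMODE(d.st_mode):o} lets group/other in")
    s = os.lstat(sock_path)
    if not stat.S_ISSOCK(s.st_mode):
        findings.append(f"{sock_path}: not a socket")
    if s.st_uid != uid:
        findings.append(f"{sock_path}: owned by uid {s.st_uid}, expected {uid}")
    return findings


def demo():
    """Constructed sample: a throwaway socket in a temp dir, audited at 0700 and 0755."""
    tmpdir = tempfile.mkdtemp(prefix="agent-demo-")
    path = os.path.join(tmpdir, "agent.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    try:
        os.chmod(tmpdir, 0o700)  # the mode ssh-agent uses for its socket directory
        tight = audit_agent_socket(path)
        os.chmod(tmpdir, 0o755)  # loosened on purpose to show the finding
        loose = audit_agent_socket(path)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(tmpdir)
    return tight, loose


if __name__ == "__main__":
    target = os.environ.get("SSH_AUTH_SOCK")
    print(audit_agent_socket(target) if target else demo())
```

Run with SSH_AUTH_SOCK set, it audits the live agent socket; an empty list means the directory is mode 700 and owned by the caller, which is the property the reply relies on.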
