
Bug#711623: marked as done (ssh-agent: Removes LD_LIBRARY_PATH from environment)



Your message dated Sat, 8 Jun 2013 14:37:56 +0100
with message-id <20130608133756.GB5693@riva.ucam.org>
and subject line Re: Bug#711623: ssh-agent: Removes LD_LIBRARY_PATH from environment
has caused the Debian Bug report #711623,
regarding ssh-agent: Removes LD_LIBRARY_PATH from environment
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
711623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711623
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:6.2p2-3
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

ssh-agent removes the $LD_LIBRARY_PATH from the environment it was started in. This is fatal,
for example when starting a session with a desktop installed to a different $PREFIX for development
purposes. I have KDE master compiled and installed to /opt/kde-master, and I set up my .xsessionrc
to prepare the environment for executing the entire KDE session from this prefix. However, ssh-agent
removes the $LD_LIBRARY_PATH (which was set to /opt/kde-master/lib) from the environment before
/usr/bin/startkde is launched, thereby breaking my session in funny and subtle ways. Most binaries
have an RPATH set, but some open libraries or plugins later and end up pulling incompatible .so
files from /usr/lib.
Please refrain from breaking the carefully set-up environment ssh-agent is started in.

I verified that it is ssh-agent which breaks the environment by commenting out the contents of
90x11-common_ssh-agent.

Kind regards
Ralf


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.16.10
ii  libc6             2.17-3
ii  libedit2          2.11-20080614-5
ii  libgssapi-krb5-2  1.10.1+dfsg-5
ii  libselinux1       2.1.13-2
ii  libssl1.0.0       1.0.1e-3
ii  passwd            1:4.1.5.1-1
ii  zlib1g            1:1.2.8.dfsg-1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.7-1

Versions of packages openssh-client suggests:
pn  keychain                   <none>
ii  ksshaskpass [ssh-askpass]  0.5.3-1+b1
pn  libpam-ssh                 <none>
pn  monkeysphere               <none>
ii  openssh-blacklist          0.4.1+nmu1
ii  openssh-blacklist-extra    0.4.1+nmu1

-- no debconf information

--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix

On Sat, Jun 08, 2013 at 01:52:03PM +0200, Ralf Jung wrote:
> Package: openssh-client
> Version: 1:6.2p2-3
> Severity: critical
> Justification: breaks unrelated software
> 
> Dear Maintainer,
> 
> ssh-agent removes the $LD_LIBRARY_PATH from the environment it was started in.

This is a direct consequence of it being setgid, which is required to
protect the keys it stores from being retrievable using ptrace attacks;
I'm afraid that's much more important.  It's also documented in
README.Debian.  If you need to use LD_LIBRARY_PATH in conjunction with
ssh-agent, you'll need to put it in something underneath ssh-agent in
the process tree.

Regards,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
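
The arrangement described in the reply above, as an added example that is not part of the original thread or of the openssh package: a variable exported above a setgid launcher is lost, while one set by a command running underneath it survives. The setgid scrub is simulated with `env -u` so the script runs without ssh-agent; the function names are hypothetical and /opt/kde-master/lib is the path from the report.

```shell
#!/bin/sh
# Added example; scrubbing_launcher is a stand-in, not ssh-agent itself.

DEV_LIBDIR=/opt/kde-master/lib    # library prefix from the bug report

# True if the file is set-user-ID or set-group-ID. The dynamic loader runs
# such programs in secure-execution mode and drops LD_LIBRARY_PATH.
launcher_scrubs_env() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Simulates a setgid launcher: the variable is gone from the environment
# of everything it starts, but its command-line arguments are untouched.
scrubbing_launcher() {
    env -u LD_LIBRARY_PATH "$@"
}

# Layout from the report: exported (as in .xsessionrc) ABOVE the launcher.
session_env_above() {
    (
        export LD_LIBRARY_PATH="$DEV_LIBDIR"
        scrubbing_launcher sh -c 'printf %s "${LD_LIBRARY_PATH-unset}"'
    )
}

# Layout from the reply: the launcher starts `env`, which sets the variable
# BELOW it in the process tree, so the session still sees it.
session_env_below() {
    scrubbing_launcher \
        env LD_LIBRARY_PATH="$DEV_LIBDIR" \
        sh -c 'printf %s "${LD_LIBRARY_PATH-unset}"'
}

printf 'set above launcher: %s\n' "$(session_env_above)"
printf 'set below launcher: %s\n' "$(session_env_below)"
```

With the real agent the same shape is `ssh-agent env LD_LIBRARY_PATH=/opt/kde-master/lib /usr/bin/startkde`, since ssh-agent runs the command given on its command line.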
