Bug#882475: weird access permission to ssh-agent's socket
On Fri, Nov 24, 2017 at 08:37:56AM +0100, Harald Dunkel wrote:
> It is possible to bind mount or hard link the socket to another
> path. Of course this still requires appropriate access permissions,
> but the point is that you cannot be sure that the socket stays
> visible just within this single directory created by sshd.
That's why there's also a getpeereid check, which ensures that that's
not a problem even if somebody does that.
> Please reconsider. I would guess its easy to fix.
Feel free to ask this upstream yourself (https://bugzilla.mindrot.org/),
but since I can't construct a situation where this is a practical
problem I'm not going to forward it.
Regards,
--
Colin Watson [cjwatson@debian.org]
Reply to: