
Bug#1001186: ssh-agent: SSH_AUTH_SOCK temporary directory uses 6 template chars out of 12



Package: openssh-client
Version: 1:8.7p1-2
Severity: minor
Tags: sid bookworm

Dear Maintainer,

I recently noticed on sid and testing, that when starting an
ssh-agent, the SSH_AUTH_SOCK is located in a temporary directory
which only has its last six "X" in the template effectively set
random.  Here is an example of annotated output from testing:

	(testing-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-XXXXXXTNMzUg/agent.1753865; export SSH_AUTH_SOCK;
	                       ^^^^^^
	(testing-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-XXXXXXwkcH8n/agent.1753867; export SSH_AUTH_SOCK;
	                       ^^^^^^
	(testing-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-XXXXXXMZou0x/agent.1753869; export SSH_AUTH_SOCK;
	                       ^^^^^^
	(testing-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-XXXXXXQQyooG/agent.1753871; export SSH_AUTH_SOCK;
	                       ^^^^^^

Earlier versions of ssh-agent in Debian, such as the one
delivered in bullseye, do have effectively all X's from the
template set random:

	(bullseye-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-6iy9xiW14kJD/agent.1754856; export SSH_AUTH_SOCK;
	                       ^^^^^^
	(bullseye-amd64-sbuild)$ ssh-agent | grep AUTH
	SSH_AUTH_SOCK=/tmp/ssh-S8YSIDoV32GR/agent.1754858; export SSH_AUTH_SOCK;
	                       ^^^^^^

The bookworm behavior is consistent with mkdtemp(3), which only
changes the last six XXXXXX of the template string, so I suppose
earlier versions were using another mkdtemp implementation to
create the temporary directory.  I don't believe the issue is a
big deal to be honest, but I think it might raise some eyebrows.

Thank you for taking the time to maintain openssh in Debian!

Have a nice day,  :)
Étienne.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-2-amd64 (SMP w/12 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.20.9
ii  libc6             2.32-5
ii  libedit2          3.1-20210910-1
ii  libfido2-1        1.9.0-1
ii  libgssapi-krb5-2  1.18.3-7
ii  libselinux1       3.3-1+b1
ii  libssl1.1         1.1.1l-1
ii  passwd            1:4.8.1-2
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages openssh-client recommends:
ii  xauth  1:1.1-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- debconf-show failed

-- 
Étienne Mollier <emollier@emlwks999.eu>
Fingerprint:  8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
Sent from /dev/pts/3, please excuse my verbosity.
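
The mkdtemp(3) behaviour described in the report can be checked with a small C probe. This is an added example, not part of the original bug report and not OpenSSH code; the 12-X template (taken from the report's title) and the names literal_x_prefix and probe_mkdtemp are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count the literal 'X' characters left right after "/ssh-" in a path
 * such as the SSH_AUTH_SOCK values quoted in the report. */
size_t literal_x_prefix(const char *path)
{
    const char *p = strstr(path, "/ssh-");
    size_t n = 0;

    if (p == NULL)
        return 0;
    for (p += 5; p[n] == 'X'; n++)
        ;
    return n;
}

/* Create a directory from an assumed 12-X template with the C library's
 * mkdtemp(3), report its name and permission bits, then remove it.
 * Returns 0 on success, -1 on failure. */
int probe_mkdtemp(char *out, size_t outlen, mode_t *mode)
{
    char tmpl[256];
    const char *base = getenv("TMPDIR");
    struct stat st;

    snprintf(tmpl, sizeof(tmpl), "%s/ssh-XXXXXXXXXXXX",
             (base != NULL && *base != '\0') ? base : "/tmp");
    if (strlen(tmpl) + 1 > outlen || mkdtemp(tmpl) == NULL)
        return -1;
    if (stat(tmpl, &st) != 0) {
        rmdir(tmpl);
        return -1;
    }
    *mode = st.st_mode & 0777;      /* mkdtemp(3) requests 0700 */
    memcpy(out, tmpl, strlen(tmpl) + 1);
    return rmdir(tmpl);
}

int main(void)
{
    char dir[512];
    mode_t mode;

    if (probe_mkdtemp(dir, sizeof(dir), &mode) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("%s mode=%04o literal_X=%zu\n", dir, (unsigned)mode,
           literal_x_prefix(dir));
    return 0;
}
```

A literal_X count of 6 means the C library filled in only the last six template characters, as in the bookworm output above; the printed mode shows who can enter the directory regardless of how much of the name is random.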
