Package: openssh-client Version: 1:8.7p1-2 Severity: minor Tags: sid bookworm Dear Maintainer, I recently noticed on sid and testing, that when starting an ssh-agent, the SSH_AUTH_SOCK is located in a temporary directory which only has it's six last "X" in the template effectively set random. Here is an example of annotated output from testing: (testing-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-XXXXXXTNMzUg/agent.1753865; export SSH_AUTH_SOCK; ^^^^^^ (testing-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-XXXXXXwkcH8n/agent.1753867; export SSH_AUTH_SOCK; ^^^^^^ (testing-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-XXXXXXMZou0x/agent.1753869; export SSH_AUTH_SOCK; ^^^^^^ (testing-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-XXXXXXQQyooG/agent.1753871; export SSH_AUTH_SOCK; ^^^^^^ Earlier versions of ssh-agent in Debian, such as the one delivered in bullseye, do have effectively all X's from the template set random: (bullseye-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-6iy9xiW14kJD/agent.1754856; export SSH_AUTH_SOCK; ^^^^^^ (bullseye-amd64-sbuild)$ ssh-agent | grep AUTH SSH_AUTH_SOCK=/tmp/ssh-S8YSIDoV32GR/agent.1754858; export SSH_AUTH_SOCK; ^^^^^^ The bookworm behavior is consistent with mkdtemp(3), which only changes the last six XXXXXX of the template string, so I suppose earlier versions were using another mkdtemp implementation to create the temporary directory. I don't believe the issue is a big deal to be honest, but I think it might raise some eyebrows. Thank you for taking the time to maintain openssh in Debian! Have a nice day, :) Étienne. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-2-amd64 (SMP w/12 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-client depends on: ii adduser 3.118 ii dpkg 1.20.9 ii libc6 2.32-5 ii libedit2 3.1-20210910-1 ii libfido2-1 1.9.0-1 ii libgssapi-krb5-2 1.18.3-7 ii libselinux1 3.3-1+b1 ii libssl1.1 1.1.1l-1 ii passwd 1:4.8.1-2 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages openssh-client recommends: ii xauth 1:1.1-1 Versions of packages openssh-client suggests: pn keychain <none> pn libpam-ssh <none> pn monkeysphere <none> pn ssh-askpass <none> -- debconf-show failed -- Étienne Mollier <emollier@emlwks999.eu> Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da Sent from /dev/pts/3, please excuse my verbosity.
Attachment:
signature.asc
Description: PGP signature