
Bug#573325: Bug#711623: Re: Bug#711623: ssh-agent: Removes LD_LIBRARY_PATH from environment



Hi,

> Well, x11-common is welcome to implement it that way if it chooses to
> and if it actually works; note that the file
> /etc/X11/Xsession.d/90x11-common_ssh-agent is not actually shipped by
> the openssh packages themselves, but rather by x11-common ...
> 
> See bug #573325, filed a while back for this.  Note that there are
> problems documented in that bug with making sure that ssh-agent has an
> appropriate lifetime, so it's not just as simple as the approach you
> suggest. 
Sure, that was just meant as an indication of the desired semantics. A
proper solution has actually been suggested in the bug you linked: Add a
(non-setgid) ssh-agent-launch wrapper, which fork()s to exec ssh-agent,
applies the environment changes returned by that one, then runs the
program given as argument, and when that program quits, it kills
ssh-agent. That way, no setgid process is in the parent-child path to
the user session, and process lifetime is handled correctly.

> (The approach used in the current Ubuntu development release
> where ssh-agent runs as an Upstart user job fixes this, but it may be
> some time before we can persuade Debian to switch to this!)
Yeah, upstart/systemd user sessions are the "real" solution, but well,
we have to work with what's currently available ;-)

> Fair enough; I've added something similar to the text in README.Debian
> there for my next upload.
Thanks.

Kind regards
Ralf
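
The wrapper described in the message above, sketched as a POSIX shell script. This is an added example, not code from the bug report or from any Debian package; the function name `ssh_agent_launch` and the `AGENT_CMD` override are assumptions, and the agent is started through command substitution rather than an explicit fork()/exec.

```shell
#!/bin/sh
# ssh-agent-launch sketch: run "$@" with a private ssh-agent, then kill the agent.
# AGENT_CMD is an assumption added here so the logic can be exercised with a stub.
: "${AGENT_CMD:=ssh-agent -s}"

ssh_agent_launch() {
    # Subshell: agent variables and traps stay out of the caller's environment.
    (
        # ssh-agent puts itself in the background and prints Bourne-shell
        # assignments for SSH_AUTH_SOCK and SSH_AGENT_PID on stdout.
        agent_out=$($AGENT_CMD) || exit 1

        # Extract the two expected values instead of eval'ing the output.
        SSH_AUTH_SOCK=$(printf '%s\n' "$agent_out" |
            sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p')
        SSH_AGENT_PID=$(printf '%s\n' "$agent_out" |
            sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p')
        [ -n "$SSH_AUTH_SOCK" ] && [ -n "$SSH_AGENT_PID" ] || exit 1
        export SSH_AUTH_SOCK SSH_AGENT_PID

        # If the wrapper itself is signalled, take the agent down with it.
        trap 'kill "$SSH_AGENT_PID" 2>/dev/null; exit 1' HUP INT TERM

        # Run the session program as a child (not exec) so cleanup can follow.
        # The wrapper is not setgid and the agent is a sibling of the program,
        # so LD_LIBRARY_PATH reaches the program unchanged.
        status=0
        "$@" || status=$?

        # Agent lifetime ends with the program it was started for.
        kill "$SSH_AGENT_PID" 2>/dev/null
        exit "$status"
    )
}

# Stand-alone use: ssh-agent-launch PROGRAM [ARGS...]
if [ "$#" -gt 0 ]; then
    ssh_agent_launch "$@"
    exit $?
fi
```
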

