ssh-agent and socket permission check
Damien Miller
djm at mindrot.org
Fri Jul 25 09:31:44 EST 2014
On Fri, 25 Jul 2014, Igor Bukanov wrote:
> On 25 July 2014 00:09, Damien Miller <djm at mindrot.org> wrote:
>
> > It shouldn't be anyway. We ship it setgid by default and also use prctl()
> > on Linux to prevent ptrace()
>
> So with that setup on Linux it is not possible for an ordinary account to
> read memory of ssh-agent barring a kernel bug? In any case, as in my case
> everything runs in a container with no setuid/setgid binaries available,
> that would not help.

If you are on Linux then prctl will still prevent ptrace, even without
setgid.

So yeah, your attacker will need root or a kernel bug.

You can try it yourself: "gdb -p $SSH_AGENT_PID /usr/bin/ssh-agent"

-d
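
The prctl() hardening discussed above, as an added example that is not part of the original message and is not OpenSSH's own code: a child process clears its dumpable flag and the parent then tries to attach to it, the same check the gdb command performs. It assumes Linux and that the option involved is prctl(PR_SET_DUMPABLE, 0); the helper names are hypothetical.

```c
/* Added example, Linux only. Helper names are hypothetical; PR_SET_DUMPABLE
 * as the prctl() option is an assumption stated in the lead-in. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Clear the dumpable flag and return it as read back (0 when cleared). */
int disable_tracing(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Fork a child that hardens itself, then attach to it as a debugger would.
 * Returns 0 if the attach succeeded, the errno if refused, -1 on setup error. */
int attach_to_hardened_child(void)
{
    int pfd[2], st, result = -1;
    char ok = 0;
    pid_t pid;
    if (pipe(pfd) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                      /* child: harden, report, wait */
        ok = (disable_tracing() == 0);
        if (write(pfd[1], &ok, 1) != 1)
            _exit(1);
        for (;;)
            pause();
    }
    close(pfd[1]);
    if (read(pfd[0], &ok, 1) == 1 && ok) /* wait until the flag is cleared */
        result = ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0 ? 0 : errno;
    close(pfd[0]);
    kill(pid, SIGKILL);                  /* also ends a child that got traced */
    while (waitpid(pid, &st, 0) == pid && !WIFEXITED(st) && !WIFSIGNALED(st))
        ;
    return result;
}

int main(void)
{
    printf("attach errno: %d (0 = allowed, EPERM = %d)\n", attach_to_hardened_child(), EPERM);
    return 0;
}
```

Run as an ordinary user, the attach is refused with EPERM; run as root (CAP_SYS_PTRACE), it is allowed, which matches the "root or a kernel bug" conclusion above.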