ssh-agent and socket permission check

Igor Bukanov igor at mir2.org
Fri Jul 25 18:21:42 EST 2014


On 25 July 2014 08:28, Darren Tucker <dtucker at zip.com.au> wrote:

> > If you are on Linux then prctl will still prevent ptrace, even without
> > setgid.
>
> Yeah but from memory ssh-agent will also call getpeereid() on the
> connecting socket, which will prevent other uids in the same group from
> making use of the key without exposing it to copying.
>

Yes, this is a very good point. If I want to avoid a password on the key, then
the check [1] indeed makes it impossible to use the agent without exposing
the key even if the agent memory itself is not accessible. So an option to
relax the check to permit access from any process that belongs to the agent
group is still useful even if on Linux access to the agent memory is
restricted indeed.

Note that currently I work around that check using socat unix socket
redirection and rely on socket access restriction enforced in Linux, but it
would be nice to avoid that with a relaxed check in the agent itself.

[1] -
https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L934

