ControlMaster question

Philippe Cerfon philcerf at gmail.com
Wed Nov 12 12:28:12 EST 2014


Hello Damien.

Okay, I'll see. So the recipe right now is to depend on something to
not mix users' sockets.
Since this sounds a bit error prone, though, and I've also read the
other user's comments now, wouldn't it be better to fix this in a way
proposed there? I saw some patches and someone suggested to either
apply the check for root as well or make something like StrictModes
for the ~/.ssh for the sockets.
I've also seen the claim that this user ID check would happen on the
socket server side, which would be the one trying to attack, right? So
can that be copied to the socket client side as well?


Good, thanks for the note. Do you think it's easy to write a patch
that makes 0s behave like "immediately exit after the last one is
gone"? Would sound like a compelling default :-)

Best wishes,
Philippe
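
The "something like StrictModes ... for the sockets" idea raised in the message above, written out as an added example; it is not OpenSSH code and not one of the patches mentioned in the thread. The function names, the socket name and the /tmp demo directory are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
/* Added example, not OpenSSH code; function names are hypothetical. */
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 0 if `path` is a socket owned by `me` whose directory is also owned
 * by `me` and not writable by group or others; -1 otherwise. */
int control_path_is_safe(const char *path, uid_t me)
{
    struct stat st;
    char copy[sizeof(((struct sockaddr_un *)0)->sun_path)];

    if (strlen(path) >= sizeof(copy))
        return -1;
    if (lstat(path, &st) != 0 || !S_ISSOCK(st.st_mode) || st.st_uid != me)
        return -1;
    strcpy(copy, path);                 /* dirname() may modify its argument */
    if (stat(dirname(copy), &st) != 0 || st.st_uid != me)
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? -1 : 0;
}

/* Constructed demo: bind a socket in a fresh 0700 directory, check it, then
 * loosen the directory to 0777 and check again. Returns 1 if the first check
 * passes and the second fails, 0 if not, -1 on setup error. */
int demo(void)
{
    char dir[] = "/tmp/cm-demo-XXXXXX";
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, strict, loose;

    if (mkdtemp(dir) == NULL || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/mux.sock", dir);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0)
        return -1;
    strict = control_path_is_safe(sa.sun_path, geteuid());
    chmod(dir, 0777);
    loose = control_path_is_safe(sa.sun_path, geteuid());
    close(fd); unlink(sa.sun_path); rmdir(dir);
    return strict == 0 && loose == -1;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

A check like this runs before connecting, so it narrows the window for a swapped socket but does not close it.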


More information about the openssh-unix-dev mailing list