getpeereid

Corinna Vinschen vinschen at redhat.com
Thu Feb 24 08:43:30 EST 2005


On Feb 24 07:12, Darren Tucker wrote:
> Darren Tucker wrote:
> >Corinna Vinschen wrote:
> >>?  Is there any good reason why root should be able to connect to the
> >>ssh-agent of a user?  What is that reason?
> >
> >ssh is setuid root in some configurations (eg for 
> >RhostsRSAAuthentication, UsePrivilegedPort).
> 
> Hmm, on the other hand, ssh should have dropped privs by that point anyway.
> 
> On the other, other hand, it doesn't buy any additional protection since 
> all root has to do is "su user -c ssh whatever".
> 
> Maybe it's to allow the use of the agent when someone su's (or sudo's) to 
> root?  The cvs log on ssh-agent.c (rev 1.113) says:
> 
>  - markus at cvs.openbsd.org 2002/10/01 20:34:12
>    [ssh-agent.c]
>    allow root to access the agent, since there is no protection from root.

Ok, thank you for the explanation.  As you might guess, I'm looking if
there's any good reason at this point to add a #ifdef HAVE_CYGWIN ;-)


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.




More information about the openssh-unix-dev mailing list