This is a discussion on Re: openssh-agent polling within the OpenSSH Development forums, part of the Networking and Network Related category.
On 09/17/07 01:05, Damien Miller wrote:
> On Mon, 17 Sep 2007, Jefferson Ogata wrote:
>
>>> This might connect you to a hostile ssh-agent that harvests your keys.
>> That's precisely what the -O "$x" is there to prevent.
>
> Sorry - I missed that. There is still a small, unlikely race if an agent
> is exiting at the moment your shell initialisation is running :)

True, and in retrospect I think there's a race on someone doing
something like the following:

    mkdir /tmp/ssh-00000
    ln /tmp/ssh-XYXYXYX/agent.11111 /tmp/ssh-00000/

where /tmp/XYXYXY/agent.11111 is a legitimate agent running as the user.
Then wait till the user has found it, and

    rm /tmp/ssh-00000
    ln /tmp/ssh-ZZZZZZZ/agent.31337 /tmp/ssh-00000/

where /tmp/ssh-ZZZZZZZZ/agent.31337 is the harvester.

There are ways of mitigating this--check ownership of /tmp/ssh-ZZZZZZZZ
directory as well (should be root), but overall I agree with you that
the explicit location in the user's home is superior. I actually have
always wondered why the agent sockets have been put under /tmp and not ~
or ~/.ssh.

-- 
Jefferson Ogata <Jefferson.Ogata@noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt@noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
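
The directory-ownership check mentioned in the message above, sketched as an added example (not code from the thread or from OpenSSH). The function name vet_agent_socket is hypothetical, and the expected owner is a parameter that defaults to the calling user, which is an assumption of this sketch.

```python
import os
import stat

def vet_agent_socket(path, uid=None):
    """Return (ok, reason) for a candidate agent socket found by scanning /tmp."""
    uid = os.getuid() if uid is None else uid  # assumed expected owner
    parent, name = os.path.split(os.path.abspath(path))
    try:
        # Pin the directory by fd; refuse a symlink as the final component.
        dfd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as e:
        return False, f"cannot open directory: {e.strerror}"
    try:
        d = os.fstat(dfd)
        # A directory owned by someone else can have its entries swapped
        # after we look, which is the race described in the post.
        if d.st_uid != uid:
            return False, "directory not owned by expected uid"
        if stat.S_IMODE(d.st_mode) & 0o077:
            return False, "directory accessible to group/other"
        try:
            # Stat relative to the pinned fd, not by re-resolving the path.
            s = os.stat(name, dir_fd=dfd, follow_symlinks=False)
        except OSError as e:
            return False, f"cannot stat socket: {e.strerror}"
        if not stat.S_ISSOCK(s.st_mode):
            return False, "not a socket"
        if s.st_uid != uid:
            return False, "socket not owned by expected uid"
        # ln (hard link) of a socket into another directory raises st_nlink.
        if s.st_nlink != 1:
            return False, "socket has extra hard links"
        return True, "ok"
    finally:
        os.close(dfd)

if __name__ == "__main__":
    # Vet whatever the environment currently points at.
    print(vet_agent_socket(os.environ.get("SSH_AUTH_SOCK", "/nonexistent/agent.0")))
```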