From owner-freebsd-security@FreeBSD.ORG  Sat Apr 18 13:52:40 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BECA868F
 for <freebsd-security@freebsd.org>; Sat, 18 Apr 2015 13:52:40 +0000 (UTC)
Received: from mail-ig0-x229.google.com (mail-ig0-x229.google.com
 [IPv6:2607:f8b0:4001:c05::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8D28671
 for <freebsd-security@freebsd.org>; Sat, 18 Apr 2015 13:52:40 +0000 (UTC)
Received: by iget9 with SMTP id t9so40906316ige.1
 for <freebsd-security@freebsd.org>; Sat, 18 Apr 2015 06:52:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=myconan.net; s=myconan;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc:content-type:content-transfer-encoding;
 bh=dvItjf2hvuRbFCwblH9fKy+/3ObEjeVpR498U090IJI=;
 b=KhLTkaAbP7US8Uo3TwFfj0oRXjn0iMi718UCxA+yBQSbVS/A+CFRjwNV7OmZl8GyX9
 uHWjhyJyMelTMHbLKxIv+cIbEcVHe82kMV6BT3asulNA6frmny3asGf9bSrw+uMmAo6a
 WNYmFGf8JrZzgJLW0SlZAUhGH4DDga68zjj6k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc:content-type:content-transfer-encoding;
 bh=dvItjf2hvuRbFCwblH9fKy+/3ObEjeVpR498U090IJI=;
 b=APGXD1GuYpyIParC1VgmZQCLqy7UEtwsTBSAcV2szA+5yrVjIsnuRgfGYhtvJOMJbc
 vPjLmnPGxyRlJZ/3GWCRhLSTdDkLFgDm9DAkvFZ3R6ux1HTXnTE+kIZlh6KQKhaAF6MC
 UXct+Lg0Jqo4+W67g35xSCttlg/XpWR8Ug7RBGOM6lWRzEz961YMyTAf2L69mHqLP46K
 WLPNLhkxI0wI5UoTQ/LiinjuzswydtSf1WrZO7KZ1T9e2KX3S5swV3F5b2AjdoE65E/I
 BaGo88iHTpcZg5JwHWp5KFzq40tMIigpLyLBS4QaVY5clyihC0hKpVDEO6Ne4ABRriPX
 K0JA==
X-Gm-Message-State: ALoCoQnvAMjbubHakdgnRZ02O8ktlTLSCEUmXVb+Zb2Fvy5Q1EKI4CKFc+blBj1gq9WnMPThoi+w
X-Received: by 10.50.30.9 with SMTP id o9mr8790153igh.23.1429365159915; Sat,
 18 Apr 2015 06:52:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.0.12 with HTTP; Sat, 18 Apr 2015 06:52:09 -0700 (PDT)
In-Reply-To: <08700910B5A5E84EB1D9B4504501B63D0FB0276D@ESESSMB309.ericsson.se>
References: <08700910B5A5E84EB1D9B4504501B63D0FB0276D@ESESSMB309.ericsson.se>
From: Edho Arief <me@myconan.net>
Date: Sat, 18 Apr 2015 22:52:09 +0900
Message-ID: <CAAtReCm0sNnAUj+W0N3JeaqECbNGQie1QboGaJJuzJ-jWsm54w@mail.gmail.com>
Subject: Re: setgid ssh-agent
To: =?UTF-8?Q?K=C3=A1roly_Arnhoffer?= <karoly.arnhoffer@ericsson.com>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Apr 2015 13:52:40 -0000

On Fri, Apr 17, 2015 at 3:58 AM, K=C3=A1roly Arnhoffer
<karoly.arnhoffer@ericsson.com> wrote:
> Hi,
>
> As I can see OpenSSH's ssh-agent is not setgid as it is for example in al=
l the Linux distributions I know.
>

Just for reference, it's also setgid to a dedicated _sshagnt group in openb=
sd.