Date:      Thu, 16 Apr 2015 18:58:42 +0000
From:      Károly Arnhoffer <karoly.arnhoffer@ericsson.com>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   setgid ssh-agent
Message-ID:  <08700910B5A5E84EB1D9B4504501B63D0FB0276D@ESESSMB309.ericsson.se>

Hi,

As I can see, OpenSSH's ssh-agent is not setgid as it is, for example, in all the Linux distributions I know.

They say ssh-agent needs to be setgid to a group that owns nothing so that it can be safe from ptrace. It seems to me that ptrace is functionally the same in FreeBSD as well, even though ssh-agent is not setgid.
Some links about the topic:
http://unix.stackexchange.com/questions/141082/why-ssh-agent-group-ownership-is-not-root
http://serverfault.com/questions/290920/why-does-ssh-agent-have-sgid-set
http://comments.gmane.org/gmane.linux.debian.devel.ssh/59

In my FreeBSD 10.1-RELEASE the stock ssh-agent is owned by root:wheel and not setgid.

Why?

Thanks!
Karoly
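
The property described in the message above (a setgid binary whose group has no users and owns nothing else) can be checked with a short audit. This is an added example, not part of the original message and not OpenSSH or FreeBSD code; the default path `/usr/bin/ssh-agent` and the scanned directories are assumptions to adjust per system.

```python
import grp
import os
import pwd
import stat
import sys


def assess(mode, group_users):
    """Findings from a binary's st_mode and the users in its group."""
    if not mode & stat.S_ISGID:
        return ["not setgid: runs with the invoking user's own gid"]
    findings = ["setgid: runs with the file's group as effective gid"]
    if mode & stat.S_IWGRP:
        findings.append("group-writable: group members can modify the binary")
    if group_users:
        findings.append("group has users: " + ", ".join(sorted(set(group_users))))
    return findings


def files_owned_by_gid(gid, roots, skip=None):
    """Paths under roots, other than skip, whose group owner is gid."""
    owned = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                full = os.path.join(dirpath, name)
                try:
                    if full != skip and os.lstat(full).st_gid == gid:
                        owned.append(full)
                except OSError:
                    continue  # vanished or unreadable entry
    return owned


def audit(path, roots=("/usr/bin", "/usr/libexec")):  # roots: assumed defaults
    st = os.stat(path)
    try:
        users = list(grp.getgrgid(st.st_gid).gr_mem)
    except KeyError:  # gid has no entry in the group database
        users = []
    users += [u.pw_name for u in pwd.getpwall() if u.pw_gid == st.st_gid]
    findings = assess(st.st_mode, users)
    if st.st_mode & stat.S_ISGID:
        owned = files_owned_by_gid(st.st_gid, roots, os.path.realpath(path))
        findings.append(f"gid {st.st_gid} owns {len(owned)} other path(s) under {roots}")
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass the real location as an argument.
    for line in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/ssh-agent"):
        print(line)
```

A mode such as 0555 owned by root:wheel, as reported in the message, yields only the "not setgid" finding; a setgid binary is additionally checked for group write permission, users in the group, and other paths carrying the same gid.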


