how do I make lsof be useful again in fc3?
Jakub Jelinek
jakub at redhat.com
Fri Dec 10 09:09:46 UTC 2004
On Fri, Dec 10, 2004 at 10:05:19AM +0100, F?liciano Matias wrote:
> Le vendredi 10 décembre 2004 à 10:00 +0100, Féliciano Matias a écrit :
> > $ ll /usr/bin/ssh-agent
> > -rwxr-sr-x 1 root nobody 58332 sep 21 06:56 /usr/bin/ssh-agent
> > ^
> > Why ?
>
> openssh-3.9p1/contrib/redhat/openssh.spec
> * Wed Oct 01 2002 Damien Miller <djm at mindrot.org>
> - Install ssh-agent setgid nobody to prevent ptrace() key theft
> attacks
Then it shouldn't be setgid nobody, but setgid sshagentgrp
or something else nothing else uses.
Or in FC3+ a SELinux policy can be added for ssh-agent.
Jakub
More information about the fedora-devel-list
mailing list