[Bug 165919] Review Request: pam_ssh Pluggable Authentication Module for ssh
bugzilla at redhat.com
bugzilla at redhat.com
Tue Aug 16 15:18:23 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: pam_ssh Pluggable Authentication Module for ssh
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165919
------- Additional Comments From dmitry at butskoy.name 2005-08-16 11:18 EST -------
OK.
There is no any information leaks if we made "r--r--r--" permissons. Typical
contents of such files is:
SSH_AUTH_SOCK=/tmp/ssh-nRQKz11544/agent.11544; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11545; export SSH_AGENT_PID;
echo Agent pid 11545;
Agent pid can be always found by anyone using "ps" command, auth sock can be
found by "ls -l /tmp", etc.
I have not found files under /var/run which would not belong to root (or other
special account), therefore I don`t want to make these files owned by a user.
What do you mean "documented anyway in the man page" ? There is no mention in
pam_ssh.8 about ~/.ssh/agent-* files, therefore nothing to change...
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list