> > Running the 20101126 snapshot, I was poking around a bit this morning
> > and noticed a possible permissions issue.
> >
> > $ ls -l /tmp/ssh-U7b26QotNu5v/agent.12708
> > srwxr-xr-x 1 test wheel 0 Nov 28 15:57 /tmp/ssh-U7b26QotNu5v/agent.12708
>
> If you look closer you will see that /tmp/ssh-U7b26QotNu5v itself is
> drwx-------, which means you cannot get at the socket.
>
> > ssh-agent (1):
> > $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
> > UNIX-domain sockets used to contain the connection to the
> > authentication agent. These sockets should only be readable by
> > the owner. The sockets should get automatically removed when the
> > agent exits.
> > [...]
> > A UNIX-domain socket is created and the name of this socket is stored in
> > the SSH_AUTH_SOCK environment variable. The socket is made accessible
> > only to the current user. This method is easily abused by root or
> > another instance of the same user.
> >
> > Should auth-agent be setting the socket permission to 0700?
>
> That cannot be done reliably on many operating systems, since their
> AF_UNIX socket() calls ignore the umask. Doing a chmod afterwards
> still exposes a race. However, it is not important since the closed
> directory was created atomically.
>
Er, I meant to say AF_UNIX bind() calls.

