Additionally, disabling the call to `prctl(PR_SET_DUMPABLE, 0)` for the
processes that store sensitive data, such as ssh-agent, is a very bad idea, as
the other process will be able to ptrace these processes and steal the data.
---
Paul M. Ärloch
Lingvam scriptvm habere debes vt hanc pagina
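
The effect discussed in this thread can be observed from inside a process. This is an added example, not code from the thread or from OpenSSH; the names `proc_view`, `observe` and `harden` are hypothetical. It relies on documented Linux behaviour (proc(5)): once the dumpable attribute is anything other than 1, the files under /proc/<pid> become owned by root, which is why fd-inspection tools run by the same unprivileged user see nothing.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper type: what outside tools can learn about us. */
struct proc_view {
    int dumpable;     /* PR_GET_DUMPABLE: 1 = dumpable, 0 = not dumpable */
    long fd_dir_uid;  /* owner of /proc/self/fd, -1 if stat() failed */
};

/* Read the dumpable flag and the owner of our own fd directory. */
static struct proc_view observe(void)
{
    struct proc_view v;
    struct stat st;

    v.dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    v.fd_dir_uid = (stat("/proc/self/fd", &st) == 0) ? (long)st.st_uid : -1;
    return v;
}

/* The same prctl() call the thread quotes from ssh-agent; 0 on success. */
static int harden(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

int main(void)
{
    struct proc_view before = observe();
    if (harden() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    struct proc_view after = observe();

    printf("euid=%ld\n", (long)geteuid());
    printf("before: dumpable=%d, /proc/self/fd owner uid=%ld\n",
           before.dumpable, before.fd_dir_uid);
    printf("after:  dumpable=%d, /proc/self/fd owner uid=%ld\n",
           after.dumpable, after.fd_dir_uid);
    return 0;
}
```

Run as an unprivileged user, the owner uid of /proc/self/fd is expected to change from the caller's uid to 0 after the call, while ptrace attachment by same-uid processes is refused.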
> Given a ssh-agent
The simple reason is that the ssh-agent explicitly disables tracing.
```
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* Disable ptrace on Linux without sgid bit */
if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
fatal("unable to make proces
```
On 8/16/23 17:20, memchr wrote:
> not able to get any information on active unix
> domain sockets
>
What do you mean by this? Can you provide more context, such as the
command you tried to run and the resulting error message?
Sure.
Given a ssh-agent(8) socket, running lsof/sockstat/fuser as
non
Hi,
> not able to get any information on active unix
> domain sockets
What do you mean by this? Can you provide more context, such as the command you
tried to run and the resulting error message?
---
Paul M. Ärloch
Lingvam scriptvm habere debes vt hanc paginam inspicias.
--- Original Message
Hi,
while scripting around ssh-agent(8), I noticed that on Arch a
non-privileged user is not able to get any information on active unix
domain sockets - not even her own.
I tried fuser(1), lsof(8) and sockstat(1). While the lsof(8) man page
hints at requiring 'setuid root' on some OSes, that