Re: Access to unix socket files

> Given a ssh-agent

The simple reason is that the ssh-agent explicitly disables tracing.

```c
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
	/* Disable ptrace on Linux without sgid bit */
	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
		fatal("unable to make process undumpable: %s",
		    strerror(errno));
#endif
```

So you won't be able to dump anything on this process, even if your user owns it.

You can do a little experiment by rebuilding ssh-agent without the call to `platform_disable_tracing()` in `main()`. fuser will then be able to list the socket.

> I cannot quite see why you would want to make it

For security reasons, a lot of processes would call `prctl(PR_SET_DUMPABLE, 0)`; it is very impractical to patch out this call just to list their sockets without root privilege.

> (as in: lie)

They are not lying; please see `man prctl.2`.



---
Paul M. Ärloch
Lingvam scriptvm habere debes vt hanc paginam inspicias.
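The experiment memchr describes, written up as an added C example that is not part of this thread or of OpenSSH: a parent forks a child that calls `prctl(PR_SET_DUMPABLE, 0)` exactly as ssh-agent does, then tries to open the child's `/proc/<pid>/fd`, which is where fuser and lsof get their socket listings. It assumes Linux with `/proc` mounted; `spawn_child` and `probe` are names chosen here. Run as an ordinary user, the dumpable child's descriptor table is listable and the undumpable one is hidden, because the kernel reports the undumpable task's `/proc` entries as owned by root; a caller with CAP_SYS_PTRACE (root) sees both.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that sets its dumpable flag (0 is what ssh-agent does in
 * platform_disable_tracing()) and then stops itself. Returns the child's pid,
 * or -1 if fork or prctl failed. */
static pid_t spawn_child(int dumpable) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (prctl(PR_SET_DUMPABLE, dumpable) != 0)
            _exit(1);
        raise(SIGSTOP);                  /* parked here until the parent kills us */
        _exit(0);
    }
    /* WUNTRACED makes waitpid() return once the child has stopped, i.e. after its prctl() */
    if (pid > 0 && (waitpid(pid, &status, WUNTRACED) != pid || !WIFSTOPPED(status)))
        pid = -1;
    return pid;
}

/* Spawn a child with the given dumpable flag and try to open its /proc/<pid>/fd,
 * which is where fuser and lsof look. Returns 1 if it is listable, 0 if the
 * kernel denies access (EACCES/EPERM), -1 on any other failure. */
int probe(int dumpable) {
    char path[64];
    pid_t pid = spawn_child(dumpable);
    if (pid < 0)
        return -1;
    snprintf(path, sizeof path, "/proc/%d/fd", (int)pid);
    DIR *d = opendir(path);
    int rc = d ? 1 : (errno == EACCES || errno == EPERM) ? 0 : -1;
    if (d)
        closedir(d);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void) {
    printf("dumpable child:   /proc/<pid>/fd %s\n", probe(1) == 1 ? "listable" : "hidden");
    printf("undumpable child: /proc/<pid>/fd %s\n", probe(0) == 1 ? "listable" : "hidden");
    return 0;
}
```

This is also why the non-root fuser/lsof/sockstat runs in the quoted message print nothing: the tools simply cannot read the agent's descriptor table, and an empty result is the kernel's permission check, not the tools lying.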

------- Original Message -------
On Wednesday, August 16th, 2023 at 3:37 PM, Hauke Fath <hf@xxxxxxxxxxxxxxxxxxx> wrote:


> On 8/16/23 17:20, memchr wrote:
> 
> > > not able to get any information on active unix
> > > domain sockets
> 
> > What do you mean by this? Can you provide more context, such as the
> > command you tried to run and the resulting error message?
> 
> 
> Sure.
> 
> Given a ssh-agent(8) socket, running lsof/sockstat/fuser as
> non-privileged user
> 
> % ls -l /tmp/ssh-XXXXXXXw5UyQ/
> total 0
> srw------- 1 hf4kh spgmit 0 Aug 16 16:44 agent.629
> % lsof -U
> % sockstat -u | grep /tmp/ssh-
> % fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> %
> 
> whereas for root
> 
> # lsof -U | grep /tmp/ssh-
> ssh-agent 630 hf4kh 3u unix 0x00000000f56378b9 0t0 21916
> /tmp/ssh-XXXXXXXw5UyQ/agent.629 type=STREAM
> # # sockstat -u | grep /tmp/ssh-
> root rserver 363 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root rserver 363 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root sendmail 401 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root lxdm-greeter-gt 575 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root ssh-agent 630 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> # fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> /tmp/ssh-XXXXXXXw5UyQ/agent.629: 630
> #
> 
> (the sockstat(1) output looks a bit off, though).
> 
> I can see that you might want the option to restrict information
> access that way, but I cannot quite see why you would want to make it
> the default, and just return nothing (as in: lie) instead of flagging a
> lack of permissions.
> 
> HTH,
> Hauke
> 
> --
> The ASCII Ribbon Campaign Hauke Fath
> () No HTML/RTF in email Institut für Nachrichtentechnik
> /\ No Word docs in email TU Darmstadt
> Respect for open standards Ruf +49-6151-16-21344
