On Fri, Dec 10, 2004 at 10:05:19AM +0100, F?liciano Matias wrote: > Le vendredi 10 décembre 2004 à 10:00 +0100, Féliciano Matias a écrit : > > $ ll /usr/bin/ssh-agent > > -rwxr-sr-x 1 root nobody 58332 sep 21 06:56 /usr/bin/ssh-agent > > ^ > > Why ? > > openssh-3.9p1/contrib/redhat/openssh.spec > * Wed Oct 01 2002 Damien Miller <djm@xxxxxxxxxxx> > - Install ssh-agent setgid nobody to prevent ptrace() key theft > attacks Then it shouldn't be setgid nobody, but setgid sshagentgrp or something else nothing else uses. Or in FC3+ a SELinux policy can be added for ssh-agent. Jakub
