On Tue, 2014-11-11 at 08:00 +1100, Damien Miller wrote:
> This behaviour is intentional. root is allowed to connect to users'
> control sockets for a number of reasons. Even if,...

Shouldn't it then be properly documented, or better: the checks should be in place per default for root as well, and only with some additional option ControlMasterConnectUnownedSockets=yes (or something like this), which defaults to no, should root be allowed to do this?

I mean most people will likely never need those features you mentioned, but it happens rather easily that people place such things in /tmp or /run.

Apart from that, have you seen Ángel's post where he says the check would happen on the socket server side? That would of course make any user (not just root) attackable.

> If you want to avoid root connecting to a suspect socket, then ensure
> root's sockets are created in a directory that is not writable by
> untrusted users. I use "ControlPath ~/.ssh/ctl-%C"

Or there should be a StrictModes option like on the sshd side, which prohibits taking sockets from insecure locations per default.

Cheers,
Chris.
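The thread's two mitigations are to keep ControlMaster sockets in a directory only the user can write to (e.g. under ~/.ssh) and to have ssh apply a StrictModes-style check before using a socket. As an added example, not code from this post or from OpenSSH, the script below applies sshd's StrictModes criteria (directory owned by the invoking user, not group- or world-writable) to the directory named by a ControlPath value, so a path under /tmp (mode 1777) or a root-owned directory is flagged. The function names, the use of `ls -n` for numeric ids and `id -u`, and the rejection rule itself are my assumptions, not an OpenSSH feature.

```shell
#!/bin/sh
# Added example (not from OpenSSH or the thread author): a StrictModes-style
# sanity check for the directory that will hold ControlMaster sockets.
# Rule (assumed, mirroring sshd's StrictModes for ~/.ssh): the directory must
# be owned by the current user and must not be group- or world-writable.
# Assumes POSIX sh, ls -n (numeric ids), id -u and dirname.

# Expand a leading "~/" in a ControlPath value and return its directory part.
ctl_dir_from_controlpath() {
    path="$1"
    case "$path" in
        "~"/*) path="$HOME${path#"~"}" ;;
    esac
    dirname "$path"
}

# Return 0 if DIR is an acceptable socket directory, 1 otherwise.
check_ctl_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    # ls -ldn prints "drwx------ 2 <uid> <gid> ..." with numeric ids.
    set -- $(ls -ldn "$dir")
    perms="$1"; owner="$3"
    # Owner must be the invoking user: if root or anyone else owns the
    # directory, someone else controls what appears in it.
    [ "$owner" = "$(id -u)" ] || return 1
    # Character 6 of the mode string is group write, character 9 is world
    # write; either one means other accounts can plant a socket here.
    case "$perms" in
        ?????w*) return 1 ;;
        ????????w*) return 1 ;;
    esac
    return 0
}

# Usage: sh check-ctl-dir.sh '~/.ssh/ctl-%C'
if [ -n "$1" ]; then
    d=$(ctl_dir_from_controlpath "$1")
    if check_ctl_dir "$d"; then
        echo "ok: $d is owned by you and not group/world-writable"
    else
        echo "unsafe: $d is not a safe ControlMaster socket directory" >&2
        exit 1
    fi
fi
```

Run with the ControlPath value from ssh_config as its argument; `~/.ssh/ctl-%C` passes on a normally configured account, while anything under /tmp fails the world-writable test regardless of who owns the socket itself.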
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev