Re: ControlMaster question


 



On Mon, 10 Nov 2014, Philippe Cerfon wrote:

> Some problems/questions:
> 1) Is it a security issue, when the sockets are created in /tmp? E.g.
> could a malevolent user create such a socket and intercept the other
> user's connection? Or does ssh check whether the socket is owned by
> BOTH its own user/group?

It allows the user who created the socket and root (subject to file
permissions). It's best not to mix users' control sockets in the same
directory. Could you arrange for a per-user temporary directory to be created
at login time? (e.g. via PAM) If so, then you could put the sockets
there.

> 2) Apparently ControlPersist 0 is actually the same as yes and the mux
> process isn't stopped 0s (i.e. immediately) after the last connection
> has gone, but never.
> Is this a bug?

Kind of - '0' is used internally to implement ControlPersist=yes and this
leaked through to the UI. It's probably not a good idea to ban it
retrospectively, so I'll add a note to the manual page.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
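
An added example, not part of the original message: one way to keep control sockets out of a shared directory such as /tmp, by verifying a private per-user directory before handing it to ssh. The function names and the `~/.ssh/cm` location in the usage comment are assumptions; a per-user directory created at login (e.g. via PAM) can be passed in the same way.

```shell
#!/bin/sh
# Added example: keep ControlMaster sockets in a private per-user directory.
# Function names and the ~/.ssh/cm path below are hypothetical.

# control_dir_ok DIR: succeed only if DIR is a real directory (not a symlink),
# owned by the calling user, with mode exactly 0700.
control_dir_ok() {
    dir=$1
    [ -L "$dir" ] && return 1          # a symlink could point into a shared dir
    [ -d "$dir" ] || return 1
    [ -O "$dir" ] || return 1          # owned by our effective uid
    mode=$(ls -ld "$dir" | cut -c1-10) # drop any ACL/SELinux marker column
    [ "$mode" = "drwx------" ]
}

# ensure_control_dir DIR: create DIR privately if it is missing, then verify it.
# An existing directory with loose permissions is rejected, not silently fixed.
ensure_control_dir() {
    dir=$1
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        (umask 077 && mkdir -p "$dir") || return 1
    fi
    control_dir_ok "$dir"
}

# control_opts DIR: print ssh -o options that place the socket in DIR.
# ControlPersist is given as a time; per the reply above, 0 behaves like "yes".
control_opts() {
    ensure_control_dir "$1" || { echo "refusing control dir: $1" >&2; return 1; }
    printf '%s\n' "-o ControlMaster=auto -o ControlPath=$1/%r@%h:%p -o ControlPersist=10m"
}

# Usage (left as a comment so sourcing this file has no side effects):
#   ssh $(control_opts "$HOME/.ssh/cm") user@host
```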



