On Nov 10, 2014 8:26 PM, "mancha" <mancha1@xxxxxxxx> wrote:
>
> On Tue, Nov 11, 2014 at 08:00:04AM +1100, Damien Miller wrote:
> > On Mon, 10 Nov 2014, Christoph Anton Mitterer wrote:
> > [SNIP]
>
> > This behaviour is intentional. root is allowed to connect to users'
> > control sockets for a number of reasons. These include making them
> > work across sudo and it being mostly pointless to restrict root on a
> > system.
> >
> > If you want to avoid root connecting to a suspect socket, then ensure
> > root's sockets are created in a directory that is not writable by
> > untrusted users. I use "ControlPath ~/.ssh/ctl-%C"
>
> Before I got Damien's response I had already cooked up a new patch that
> imposes three restrictions on control socket usage: 1. must be owned by
> user, 2. perms must be 600, and 3. hard link count can't exceed one.
>
> Those who want the more stringent conditions are welcome to it. Modify
> to your heart's content.
>
> It's a bit less racy but if you have a more atomic (and still portable)
> approach, go for it. I won't be spending any more time on this.
>

Great for general use. However there should be an option to turn the owner and perms check off.

I like single use accounts (I haven't done this but now that I'm thinking about it) so a repo user who handles repo interactions. I wouldn't want it to have access to my ssh private keys but would set up a ControlMaster for it to use.

Also, it'd be cool if I could report on the parameters a ControlMaster was initialized with (host, port, user, key, etc) - if this information could be kept in memory and be retrieved via the file that might help with this issue (and it's something that's been on my mind besides :P ).

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev