On Feb 24 07:12, Darren Tucker wrote:
> Darren Tucker wrote:
> >Corinna Vinschen wrote:
> >>Is there any good reason why root should be able to connect to the
> >>ssh-agent of a user? What is that reason?
> >ssh is setuid root in some configurations (eg for
> >RhostsRSAAuthentication, UsePrivilegedPort).
> Hmm, on the other hand, ssh should have dropped privs by that point anyway.
> On the other, other hand, it doesn't buy any additional protection since
> all root has to do is "su user -c ssh whatever".
> Maybe it's to allow the use of the agent when someone su's (or sudo's) to
> root? The cvs log on ssh-agent.c (rev 1.113) says:
> - firstname.lastname@example.org 2002/10/01 20:34:12
> allow root to access the agent, since there is no protection from root.
Ok, thank you for the explanation. As you might guess, I'm looking at whether
there's any good reason at this point to add a #ifdef HAVE_CYGWIN ;-)
Cygwin Project Co-Leader
Red Hat, Inc.
openssh-unix-dev mailing list