On Feb 24 07:12, Darren Tucker wrote:
> Darren Tucker wrote:
> >Corinna Vinschen wrote:
> >>? Is there any good reason why root should be able to connect to the
> >>ssh-agent of a user? What is that reason?

> >
> >ssh is setuid root in some configurations (eg for
> >RhostsRSAAuthentication, UsePrivilegedPort).

>
> Hmm, on the other hand, ssh should have dropped privs by that point anyway.
>
> On the other, other hand, it doesn't buy any additional protection since
> all root has to do is "su user -c ssh whatever".
>
> Maybe it's to allow the use of the agent when someone su's (or sudo's) to
> root? The cvs log on ssh-agent.c (rev 1.113) says:
>
> - markus@cvs.openbsd.org 2002/10/01 20:34:12
> [ssh-agent.c]
> allow root to access the agent, since there is no protection from root.


Ok, thank you for the explanation. As you might guess, I'm looking if
there's any good reason at this point to add a #ifdef HAVE_CYGWIN ;-)


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev