This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Problem with 20050215 snapshot and ssh-agent forwarding


David,

On Feb 18 12:05, David Rothenberger wrote:
> I believe the problem is due to the new traverse checking. When I start 
> ssh-agent the first time, I see the following in my /tmp directory:
> 
> % l /tmp
> total 0
> drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/
> 
> Since /tmp/ssh-YwRaOw6140 is owned by my user (drothe), the first ssh 
> `hostname` has no problem accessing the ssh-agent socket.
> 
> After I do the first ssh `hostname`, I have the following:
> 
> % l /tmp
> total 0
> drwx------+ 2 SYSTEM root 0 Feb 18 11:50 ssh-AtsnfLH756/
> drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/

that's it.  Thanks for the preparing analyzis.  The problem is not
traverse checking, but traverse checking shows that there's a bug
in OpenSSH.  The whole problem is that the directory and the forwarded
agent socket is owned by SYSTEM while it actually should be owned by
the user account on the target machine, in your case "drothe' again.
As long as traverse checking wasn't enabled, this just was no problem.

I'll upload a fixed OpenSSH version soon.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]