Hi, >> ssh-agent removes the $LD_LIBRARY_PATH from the environment it was started >> in. > > This is a direct consequence of it being setgid, which is required to > protect the keys it stores from being retrievable using ptrace attacks; > I'm afraid that's much more important. It's also documented in > README.Debian. If you need to use LD_LIBRARY_PATH in conjunction with > ssh-agent, you'll need to put it in something underneath ssh-agent in > the process tree. Hm, I see. Wouldn't it be possible to script this in a way that just ssh-agent runs without the previously set LD_LIBRARY_PATH, but the program it runs maintains the previous path? Something like, or equivalent to: eval `ssh-agent -s` the-program-to-run
Unfortunately, the issue is not solved by saying "just do the setup inside the exec'ed function". The program typically run "inside" ssh-agent is dbus-launch (it's added to the $STARTUP first), so this removal of environment variables means that dbus-activated programs use an incorrect environment. The README gives no indication how this could be solved, and actually the only idea I could come up with involves changing the global /etc/X11/Xsession.d files, which should not be necessary just to properly run a desktop in a different environment. What about the askpass program? It's a Qt/KDE program as well and should therefore have the same environment as the session. In fact, askpass and pinentry (for gpg) were the initial reason why I did all this environment set-up in .xsessionrc, not in .xsession - at least one of them didn't work properly otherwise. The net effect of this behaviour is that .xsessionrc is hardly useful. IMHO this issue should be mentioned in the manpage as well. That's where I looked for any documentation about any effects on the environment, and found none related to this problem. Kind regards Ralf -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
