On Fri, Nov 24, 2017 at 08:37:56AM +0100, Harald Dunkel wrote:
> It is possible to bind mount or hard link the socket to another
> path. Of course this still requires appropriate access permissions,
> but the point is that you cannot be sure that the socket stays
> visible just within this single directory created by sshd.

That's why there's also a getpeereid check, which ensures that that's
not a problem even if somebody does that.

> Please reconsider. I would guess it's easy to fix.

Feel free to ask this upstream yourself (https://bugzilla.mindrot.org/),
but since I can't construct a situation where this is a practical
problem I'm not going to forward it.

Regards,

-- 
Colin Watson [[email protected]]

