https://bugzilla.mindrot.org/show_bug.cgi?id=2311
--- Comment #6 from Christoph Anton Mitterer <[email protected]> --- (In reply to Damien Miller from comment #4) > As I mentioned, root being able to access user sockets is > intentional behaviour. I'm not interested in adding additional > checks to prevent this - they would need to be behind an option to > avoid breaking existing, legitimate uses and I don't believe that > the maintenance and complexity cost of a new config option is > warranted. > > Don't use shared directories for mux sockets. It seems kinda strange that you blindly close this issue away, even though it's a very valid issue (which someone might have sooner or later worked upon - while now it will just be forgotten),... especially since my analysis contained several other issues, which are not simply solved by adding documentation. Also you seem to completely ignore the security issue pointed out by someone on the list, that it's apparently only the MUC server, which makes UID checks while the client blindly trusts. Especially when one looks at similar situations (strictmodes on key files, etc.) where one didn't just let this handle improperly by documentation, instead properly intercepting it on a code level. Actually someone did even provide a patch which would have likely properly fixed some of the issues described herein, so why didn't that got merged? Or is control muxing simply considered a dead feature where development is no longer desired to be seen? (In reply to Tomas Mraz from comment #5) > It should be documented in the ssh manual page that the socket must > be created in proper places. It already is (at least partially) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
