https://bugzilla.mindrot.org/show_bug.cgi?id=2511
--- Comment #5 from Damien Miller <[email protected]> ---

(In reply to Alex Wilson from comment #4)

> I did have one other question/comment -- from what I can tell, the
> pledge() call in ssh-agent seems to be broader than it needs to be:
> it's currently allowing "exec", but the pledge() call happens after
> the final exec() that the ssh-agent can do. Am I mistaken on this?
> If I am, then the code in this patch should also avoid dropping
> "exec" (currently it drops it).

Unfortunately the agent can still exec() at this point: if the user adds a PKCS#11 token then ssh-pkcs11-helper will be executed.

I've thought about doing this unconditionally when ssh-agent is started, but was put off by running an extra process that will never be used by 99.9% of users.

Alternatives include adding a command-line option to ssh-agent to enable PKCS#11 support (would break existing setups), adding an option to disable PKCS#11 support so a stronger pledge could be used (not "secure by default"; nobody would use it), or extending pledge to permit the whitelisting of execl() targets (not going to happen for a while, if ever).

None of the alternatives were particularly appealing, so we punted and used a more permissive pledge policy :/