https://bugzilla.mindrot.org/show_bug.cgi?id=2511
Alex Wilson <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2770|ok?([email protected]) | Flags| | Attachment #2770|0 |1 is obsolete| | --- Comment #7 from Alex Wilson <[email protected]> --- Created attachment 2771 --> https://bugzilla.mindrot.org/attachment.cgi?id=2771&action=edit patch-v3 (In reply to Damien Miller from comment #5) > > Unfortunately the agent can still exec() at this point: if the user > adds a PKCS#11 token then ssh-pkcs11-helper will be executed. > Ah. Of course. I haven't been testing with a pkcs#11 token, though we do support a few of them on Illumos, so perhaps I should see if I can dig one up for future testing. I have attached a v3 patch, with this fixed up so that the ssh-agent retains the right to use exec(). I also renamed the solaris_drop_*_privs() functions to make it a bit clearer what the 3 of them actually are. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
