Hi,

As I can see OpenSSH's ssh-agent is not setgid as it is for example in all the 
Linux distributions I know.

They say ssh-agent is needed to be setgid to a group that owns nothing so that 
it can be safe from ptrace. It seems to me that ptrace is functionally the same 
in FreeBSD as well, even though ssh-agent is not setgid.
Some links about the topic:
http://unix.stackexchange.com/questions/141082/why-ssh-agent-group-ownership-is-not-root
http://serverfault.com/questions/290920/why-does-ssh-agent-have-sgid-set
http://comments.gmane.org/gmane.linux.debian.devel.ssh/59

In my FreeBSD 10.1-RELEASE the stock ssh-agent is owned by root:wheel and not 
setgid.

Why?

Thanks!
Karoly
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
