how do I make lsof be useful again in fc3?

Jakub Jelinek jakub at redhat.com
Fri Dec 10 09:09:46 UTC 2004


On Fri, Dec 10, 2004 at 10:05:19AM +0100, F?liciano Matias wrote:
> Le vendredi 10 décembre 2004 à 10:00 +0100, Féliciano Matias a écrit :
> > $ ll /usr/bin/ssh-agent
> > -rwxr-sr-x  1 root nobody 58332 sep 21 06:56 /usr/bin/ssh-agent
> >          ^
> > Why ?
> 
> openssh-3.9p1/contrib/redhat/openssh.spec
>         * Wed Oct 01 2002 Damien Miller <djm at mindrot.org>
>         - Install ssh-agent setgid nobody to prevent ptrace() key theft
>         attacks

Then it shouldn't be setgid nobody, but setgid sshagentgrp
or something else nothing else uses.
Or in FC3+ a SELinux policy can be added for ssh-agent.

	Jakub




More information about the fedora-devel-list mailing list