Hi,

As I can see, OpenSSH's ssh-agent is not setgid, as it is, for example, in all the Linux distributions I know. They say ssh-agent needs to be setgid to a group that owns nothing so that it can be safe from ptrace. It seems to me that ptrace is functionally the same in FreeBSD as well, even though ssh-agent is not setgid.

Some links about the topic:

http://unix.stackexchange.com/questions/141082/why-ssh-agent-group-ownership-is-not-root
http://serverfault.com/questions/290920/why-does-ssh-agent-have-sgid-set
http://comments.gmane.org/gmane.linux.debian.devel.ssh/59

In my FreeBSD 10.1-RELEASE the stock ssh-agent is owned by root:wheel and not setgid. Why?

Thanks!
Karoly

On Fri, Apr 17, 2015 at 3:58 AM, Károly Arnhoffer <karoly.arnhoffer at ericsson.com> wrote:
> Hi,
>
> As I can see OpenSSH's ssh-agent is not setgid as it is for example in all the Linux distributions I know.
>

Just for reference, it's also setgid to a dedicated _sshagnt group in OpenBSD.