tran dung
2017-Nov-01 10:26 UTC
Is it good for agent forwarding to create a socket in /tmp/?
Hi

After logging in to a remote server with ForwardAgent enabled, sshd on the remote server creates a socket at /tmp/ and the permission is 0755/srwxr-xr-x.

What is the reason to allow everyone to read this socket?
Also, is it better to save this socket in /home/user/.ssh/?

Best Regards
-----------------------
Tran Dung
Dustin Lundquist
2017-Nov-01 14:58 UTC
Is it good for agent forwarding to create a socket in /tmp/?
OpenSSH takes at least two precautions to protect against other users connecting to the agent forwarding socket. First, it creates a temporary subdirectory for each socket; this directory has permissions drwx------. This is because BSDs and Linux differ in how they handle permissions on a UNIX socket itself [1]. Second, it validates the identity of the process connecting to the auth socket [2].

Hope this helps,
Dustin Lundquist

[1] https://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions
[2] https://github.com/openssh/openssh-portable/blob/9f0e44e1a0439ff4646495d5735baa61138930a9/ssh-agent.c#L796-L806

On Wed, Nov 1, 2017 at 3:26 AM, tran dung <trandung0101 at gmail.com> wrote:
> Hi
>
> After logging in to a remote server with ForwardAgent enabled, sshd on the
> remote server creates a socket at /tmp/ and the permission is 0755/srwxr-xr-x.
>
> What is the reason to allow everyone to read this socket?
> Also, is it better to save this socket in /home/user/.ssh/?
>
> Best Regards
> -----------------------
> Tran Dung
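The first precaution Dustin describes (a private 0700 directory around the socket, because socket-inode permissions are not honoured everywhere) can be checked from userland. The following is an added example, not OpenSSH's code: `create_protected_socket` reproduces that layout under an assumed name, `audit_agent_socket` reports anything that would let another local user reach the socket, and `demo` runs both against a socket the script creates itself and then loosens the directory to the 0755 seen in the original question.

```python
import os
import socket
import stat
import tempfile


def create_protected_socket(base_dir):
    """Mirror the layout the reply describes: a private 0700 directory
    holding the agent socket (assumed helper, not OpenSSH's own code)."""
    sock_dir = tempfile.mkdtemp(prefix="ssh-", dir=base_dir)  # mkdtemp creates it 0700
    sock_path = os.path.join(sock_dir, "agent.0")
    old_umask = os.umask(0o177)  # socket inode becomes srw------- (honoured on Linux)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
        srv.listen(1)
    finally:
        os.umask(old_umask)
    return srv, sock_path

def audit_agent_socket(sock_path):
    """Return the problems found with a forwarded-agent socket path ([] if clean)."""
    problems, uid = [], os.getuid()
    parent = os.path.dirname(sock_path)
    dst, sst = os.lstat(parent), os.lstat(sock_path)
    if not stat.S_ISDIR(dst.st_mode):
        problems.append("%s is not a directory" % parent)
    if dst.st_uid != uid:
        problems.append("directory owned by uid %d, not %d" % (dst.st_uid, uid))
    if stat.S_IMODE(dst.st_mode) & 0o077:
        problems.append("directory mode %o grants group/other access" % stat.S_IMODE(dst.st_mode))
    if not stat.S_ISSOCK(sst.st_mode):
        problems.append("%s is not a socket" % sock_path)
    if stat.S_IMODE(sst.st_mode) & 0o077:
        # Socket modes are enforced on Linux but ignored on some BSDs, hence the directory check.
        problems.append("socket mode %o is not private (only enforced on Linux)" % stat.S_IMODE(sst.st_mode))
    return problems

def demo():
    """Create a protected socket, audit it, then loosen the directory to 0755 and audit again."""
    srv, path = create_protected_socket(tempfile.gettempdir())
    try:
        clean = audit_agent_socket(path)
        os.chmod(os.path.dirname(path), 0o755)
        loose = audit_agent_socket(path)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(os.path.dirname(path))
    return clean, loose
```

Pointing `audit_agent_socket` at `$SSH_AUTH_SOCK` on a remote host with agent forwarding enabled is the practical check; the second precaution (peer-identity validation inside ssh-agent) is not visible from the filesystem and is not covered here.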
Peter Moody
2017-Nov-01 16:05 UTC
Is it good for agent forwarding to create a socket in /tmp/?
On Wed, Nov 1, 2017 at 7:58 AM, Dustin Lundquist <dustin at null-ptr.net> wrote:
> [2]
> https://github.com/openssh/openssh-portable/blob/9f0e44e1a0439ff4646495d5735baa61138930a9/ssh-agent.c#L796-L806

This is new. I like it. I had been thinking about all sorts of crazy ways to try and restrict access to the ssh_auth_sock, but this is way simpler.