Move the ssh-agent socket from /tmp to $HOME/.ssh/
On 2025/04/29 09:38, Theo de Raadt wrote:
> Are we missing a pledge behaviour that would block opening of
> AF_UNIX sockets?
>
> Or is gaining access to other AF_UNIX sockets the main reason why
> the browsers are accessing /tmp?
>
> And of course, the problem with such a pledge, is that it would affect
> everywhere in the filesystem. But maybe there is some restriction we can
> impose which blocks this.

They do want to open AF_UNIX sockets in some cases, for example sndio,
dbus, and chromium has the SingletonSocket thing, whatever that is.