Move the ssh-agent socket from /tmp to $HOME/.ssh/
On Tue, Apr 29, 2025 at 1:00 PM Ted Unangst <tedu@tedunangst.com> wrote:
> On 2025-04-29, Theo de Raadt wrote:
> > ~/ can be on NFS, whereas /tmp is guaranteed to be local.
> Does that matter? There can be several sockets, and just having
> one from another machine doesn't mean anything, ssh won't use it.

I think the SSH socket files are inherently temporary and ~ is not
meant to be used as app scratch space for temp files. As mentioned,
the homedir is commonly a remote mount.

I would have an alternate suggestion: create a
mkdir -p /tmp/username.private.$$/ssh
subdirectory within /tmp and choose that subdirectory for the SSH socket.

Then use your unveil(2) to subdivide the restrictions on /tmp further
and block access to everything below that user's
/tmp/username.private.$$ subdirectory that has the ssh subdirectory
while still allowing access at the /tmp folder level itself.

--
-JA
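
The private /tmp subdirectory suggested in the message above, as an added C example that is not part of the original message or of OpenSSH: it creates the directory with plain mkdir(2), so a predictable name pre-created by another user is refused, and checks owner and mode before binding the socket. The function names, the `agent` socket name and the `demo` fallback user are assumptions; the unveil(2) step is left out.

```c
/* Added example, not from the thread or OpenSSH; names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 0 only for a real directory (not a symlink) we own, no group/other bits. */
int check_private_dir(const char *path) {
    struct stat st;
    if (lstat(path, &st) == -1 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? -1 : 0;
}

/* Plain mkdir(2), unlike mkdir -p, fails with EEXIST on a pre-created name. */
static int mkdir_private(const char *path) {
    return (mkdir(path, 0700) == -1 || check_private_dir(path) == -1) ? -1 : 0;
}

/* Create <base>/<user>.private.<pid>/ssh and write the final path to out. */
int make_private_sock_dir(const char *base, const char *user, char *out, size_t len) {
    char top[256];
    int n = snprintf(top, sizeof(top), "%s/%s.private.%ld", base, user, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof(top) || mkdir_private(top) == -1)
        return -1;
    n = snprintf(out, len, "%s/ssh", top);
    return (n < 0 || (size_t)n >= len) ? -1 : mkdir_private(out);
}

/* Bind and listen on <dir>/agent ("agent" is a made-up name); fd or -1. */
int bind_agent_socket(const char *dir) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = -1, n = snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/agent", dir);
    if (n < 0 || (size_t)n >= sizeof(sa.sun_path) || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 && listen(fd, 8) == 0)
        return fd;
    close(fd);
    return -1;
}

int main(void) {
    char dir[512];
    const char *user = getenv("USER") ? getenv("USER") : "demo";
    if (make_private_sock_dir("/tmp", user, dir, sizeof(dir)) == -1 || bind_agent_socket(dir) == -1)
        return 1;
    return printf("agent socket directory: %s\n", dir) < 0;
}
```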