From: "Theo de Raadt"
Subject: Re: Move the ssh-agent socket from /tmp to $HOME/.ssh/
To: Jesper Wallin
Cc: tech@openbsd.org
Date: Tue, 29 Apr 2025 08:06:54 -0600

Jesper Wallin wrote:

> On Tue, Apr 29, 2025 at 07:48:35AM -0600, Theo de Raadt wrote:
> > ~/ can be on NFS, whereas /tmp is guaranteed to be local.
> >
> > Your proposal has some pretty big consequences.
>
> Oh, good point. Yeah, that complicates things.
>
> > As for your problem with /tmp versus in a sub-directory of home, I
> > don't see how this is actually solving it.
> >
> > Unveil does not solve the problem of non-unveiled programs accessing
> > files. It only prevents unveiled programs from accessing such files,
> > obviously.
>
> Hehe, obviously.
>
> The scenario I had in mind was Firefox, where each process is unveiled
> to only have access to the file and directories it needs access to.
> Though, every single process of Firefox has 'rwc' access to /tmp.
>
> So if Firefox got compromised, it can still access my ssh-agent socket
> that lives in /tmp. Though, Firefox does not have access to ~/.ssh.

And what does firefox do then?