From: "Theo de Raadt"
Subject: Re: Move the ssh-agent socket from /tmp to $HOME/.ssh/
To: Christian Weisgerber
Cc: tech@openbsd.org
Date: Tue, 29 Apr 2025 09:34:05 -0600

Christian Weisgerber wrote:
> "Theo de Raadt":
>
> > > So if Firefox got compromised, it can still access my ssh-agent socket
> > > that lives in /tmp. Though, Firefox does not have access to ~/.ssh.
> >
> > And what does firefox do then?
>
> Enumerate the keys loaded into the agent, open an ssh connection
> to cvs.openbsd.org, offer the agent key(s) for pubkey authentication,
> forward the authentication request and response between the remote
> server and ssh-agent, successfully log in as me, do whatever it
> wants.
>
> Probably won't work for me, because I have a U2F-backed ssh key,
> so my YubiKey will start blinking for user confirmation, and I'll
> be suspicious why it does so when I haven't started ssh or scp.
>
> This scenario is also the reason why you shouldn't forward your
> agent to a remote server that you don't trust.

Well before unveil and pledge, this was already a problem.

Why are unveil and pledge supposed to be the solution to this, and all, problems?

Why are the browser processes still able to access /tmp?

Sure, maybe the agent mechanism is too permissive on the local host, but that is because it is generally under control of a local process run by your uid, and this is the classic unix problem that we cannot differentiate between what process of yours is accessing which data you are trying to make available to (some other) processes running as your uid.
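The point Theo makes about same-uid access can be shown directly. The following is an added example, not code from the thread or from OpenBSD: it creates a stand-in "agent" socket under a constructed $HOME/.ssh with 0700/0600 modes, confirms that the mode bits shut out other uids, and then connects to it from the same uid anyway. The function and path names are this example's own.

```python
import os
import socket
import stat
import tempfile

# Constructed demonstration: file modes on the socket and its directory keep
# other uids out, but any process running as the owning uid (a compromised
# browser included) can still connect. Nothing here talks the agent protocol.

def make_private_socket(home):
    """Create <home>/.ssh (0700) and a listening agent.sock (0600) inside it."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)          # chmod explicitly; makedirs obeys umask
    path = os.path.join(ssh_dir, "agent.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)
    srv.listen(1)
    return srv, path

def others_can_reach(path):
    """True if group/other bits let a different uid traverse to or open the socket."""
    mask = stat.S_IRWXG | stat.S_IRWXO
    dir_mode = os.stat(os.path.dirname(path)).st_mode
    sock_mode = os.lstat(path).st_mode
    return bool(dir_mode & mask) or bool(sock_mode & mask)

def same_uid_can_connect(path):
    """Connect from this process, which runs as the socket owner's uid."""
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        cli.connect(path)
        return True
    except OSError:
        return False
    finally:
        cli.close()

def demo():
    """Return (reachable by other uids, reachable by same uid) for a fresh socket."""
    with tempfile.TemporaryDirectory() as home:   # constructed stand-in for $HOME
        srv, path = make_private_socket(home)
        try:
            return others_can_reach(path), same_uid_can_connect(path)
        finally:
            srv.close()

if __name__ == "__main__":
    print(demo())  # (False, True)
```

The second value is what moving the socket out of /tmp cannot change: the protection has to come from separating processes of the same uid (unveil, pledge, or per-use confirmation such as a U2F key), not from the socket's path or mode.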