Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 19 Feb 2005 09:57:42 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Problem with 20050215 snapshot and ssh-agent forwarding
Message-ID: <20050219085742.GB30489@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20050216192355.SUQO15146.out004.verizon.net@[127.0.0.1]> <20050218143035 DOT GA31409 AT gw DOT jsoft DOT lan> <42162434 DOT 8020300 AT acm DOT org> <20050218184114 DOT GG15839 AT trixie DOT casa DOT cgf DOT cx> <42163765 DOT 9060902 AT acm DOT org> <20050218190356 DOT GB17134 AT trixie DOT casa DOT cgf DOT cx> <42164AA4 DOT 6060402 AT acm DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42164AA4.6060402@acm.org>
User-Agent: Mutt/1.4.2i

David,

On Feb 18 12:05, David Rothenberger wrote:
> I believe the problem is due to the new traverse checking. When I start 
> ssh-agent the first time, I see the following in my /tmp directory:
> 
> % l /tmp
> total 0
> drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/
> 
> Since /tmp/ssh-YwRaOw6140 is owned by my user (drothe), the first ssh 
> `hostname` has no problem accessing the ssh-agent socket.
> 
> After I do the first ssh `hostname`, I have the following:
> 
> % l /tmp
> total 0
> drwx------+ 2 SYSTEM root 0 Feb 18 11:50 ssh-AtsnfLH756/
> drwx------+ 2 drothe None 0 Feb 18 11:47 ssh-YwRaOw6140/

that's it.  Thanks for the preparing analyzis.  The problem is not
traverse checking, but traverse checking shows that there's a bug
in OpenSSH.  The whole problem is that the directory and the forwarded
agent socket is owned by SYSTEM while it actually should be owned by
the user account on the target machine, in your case "drothe' again.
As long as traverse checking wasn't enabled, this just was no problem.

I'll upload a fixed OpenSSH version soon.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/