From 7e659de6f981aaf1059720e5e198aa652834e414 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 3 Oct 2002 12:08:19 +1000
Subject:  - (djm) Install ssh-agent setgid nobody in
 contrib/redhat/openssh.spec

---
 contrib/redhat/openssh.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'contrib/redhat')

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 4bd03e82..e7005064 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -357,7 +357,7 @@ fi
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*
 %if ! %{rescue}
-%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
@@ -400,6 +400,9 @@ fi
 %endif
 
 %changelog
+* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+
 * Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
 - Use contrib/ Makefile for building askpass programs
 
-- 
cgit v1.2.3