Bug 1296724

Summary: Please change permissions on ssh-agent and ssh-keysign to 02555
Product: [Fedora] Fedora Reporter: Andy Lutomirski <luto>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: jjelen, mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-7.1p2-1.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-16 13:21:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Andy Lutomirski 2016-01-08 01:09:46 UTC 
Preventing the world from reading ssh-agent and ssh-keysign serves no purpose and is annoying to users playing with unprivileged stateless use of /usr.  Please consider changing the modes to 2555.

See also:

https://fedorahosted.org/fpc/ticket/467
Comment 1 Jakub Jelen 2016-01-08 12:29:51 UTC 
Hello,
thank you for bringing this issue into the discussion.

 * ssh-keysign there should be no drawback in setting 2555 permissions
 * ssh-agent does not need SGID bit [1] so changing to 0755 as upstream does during install

It will be in the next update for Fedora 23

[1] https://anongit.mindrot.org/openssh.git/commit/?id=6c4914afccb0c188a2c412d12dfb1b73e362e07e
Comment 2 Fedora Update System 2016-01-13 17:45:06 UTC 
openssh-7.1p1-7.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-247b0c6fea
Comment 3 Fedora Update System 2016-01-14 11:24:46 UTC 
openssh-7.1p1-7.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-247b0c6fea
Comment 4 Fedora Update System 2016-01-14 16:26:21 UTC 
openssh-7.1p2-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-67c6ef0d4f
Comment 5 Fedora Update System 2016-01-15 18:53:09 UTC 
openssh-7.1p2-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-67c6ef0d4f
Comment 6 Fedora Update System 2016-01-16 13:20:51 UTC 
openssh-7.1p2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.