Description of problem:
The ssh-keysign binary is setuid because it needs to read the system's sshd
private keys /etc/ssh/ssh_host_[dr]sa_key. It opens them and immediately drops
to the original uid. It reads /etc/ssh/ssh_config for options. Then it reads the
data which should be signed from STDIN and gets the address/name of a socket it
inherited. Then it verifies that the data passed to it are correct and signs
them (using /dev/random through OpenSSL). The result is written to stdout.
To protect against revealing the ssh keys, an SELinux policy should be created.
It was suggested to me by Jakub.
Added policy to handle this in selinux-policy-strict-1.23.5-2
Not really sure how to test it though.