- Package:
- x11-common
- Source:
- xorg
- Submitter:
- Julien Bigot
- Date:
- 2019-10-25 15:57:06 UTC
- Severity:
- wishlist
ssh-agent as launched by /etc/X11/Xsession.d/90x11-common_ssh-agent is the parent of every user process in an X session however, ssh-agent is suid root and thus removes LD_LIBRARY_PATH from its environment as a result, setting LD_LIBRARY_PATH in your environement does not work for X sessions The second approach where ssh-agent generate shell commands should be used instead. With this approach it is not the father of other processes anymore. Best regards, Julien
A little correction, ssh-agent is not suid root but sgid ssh, my mistake. Anyway, it doesn't change anything to the remaining of the bugreport.
reassign 573325 x11-common thanks I mostly tend to agree, although note that your alternative approach makes it difficult to ensure that ssh-agent goes away when the X session dies. Something would need to be done about that; I don't know what. In any case, this file is shipped by x11-common rather than by openssh-client, so reassigning there.
Hi Julien, Julien Bigot <julien.bigot@ifrance.com> (10/03/2010): (oh, une machine para*) I guess it would be nice to have a proposed tested patch, so that we can discuss its inclusion. KiBi.
severity 573325 wishlist tag 573325 moreinfo kthxbye I'm not sure that's a good plan. The way it's currently started, the ssh-agent process dies together with the session, that would probably not happen if we start it as suggested. Cheers, Julien
/etc/X11/Xsession.d/90x11-common_ssh-agent nowadays saves and
restores TMPDIR:
STARTUP="$SSHAGENT $SSHAGENTARGS ${TMPDIR:+env TMPDIR=$TMPDIR} $STARTUP"
Please consider tunneling LD_LIBRARY_PATH in the same way.
Until then, I've added a similar hack in ~/.xsessionrc.
I spent half an hour searching for what deleted the variable
(and now more complaining about it...). It's documented in
/usr/share/doc/openssh-client/README.Debian.gz (since bug
#167974), but I didn't originally know ssh-agent was the cause,
so didn't look there. Perhaps this should be mentioned in
Xsession(5) as well?
Also, I think the problem could be fixed with two executables.
A not-setgid wrapper would create a pipe and fork. The child
process would write all of its environment variables to the pipe
and exit. The parent process would exec the setgid ssh-agent and
tell it the file descriptor of the pipe. The setgid ssh-agent
would lose some environment variables on startup but read them
all back from the pipe and eventually pass them to execle().
Hi, Sure, that was just meant as an indication of the desired semantics. A proper solution has actually been suggested in the bug you linked: Add a (non-setgid) ssh-agent-launch wrapper, which fork()s to exec ssh-agent, applies the environment changes return by that one, then runs the program given as argument, and when that program quits, it kills ssh-agent. That way, no setgid process is in the parent-child path to the user session, and process lifetime is handled correctly. Yeah, upstart/systemd user sessions are the "real" solution, but well, we have to work with what's currently available ;-) Thanks. Kind regards Ralf
Доброго дня, Ваш рахунок знаходиться во вкладеннi. З повагою і найкращими побажаннями.