From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-55182-garchives=archives.gentoo.org@gentoo.org>)
	id 1Gmd6S-0005Lq-5V
	for garchives@archives.gentoo.org; Tue, 21 Nov 2006 21:24:28 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.8/8.13.8) with SMTP id kALLL03b015386;
	Tue, 21 Nov 2006 21:21:00 GMT
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
	by robin.gentoo.org (8.13.8/8.13.8) with ESMTP id kALLGCu5029940
	for <gentoo-user@lists.gentoo.org>; Tue, 21 Nov 2006 21:16:14 GMT
Received: by nf-out-0910.google.com with SMTP id c31so462364nfb
        for <gentoo-user@lists.gentoo.org>; Tue, 21 Nov 2006 13:16:14 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:reply-to:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:message-id;
        b=humUygghWl2WH9q9y/+D+he0o018UU2olc1WpzjTyi/RMUC3LCIm2kA1VcboFTLls6fQikwNE+EYBcVfDb+zoUWuqQoDq3r3+oouNHeBqRNMW+244Z4p/jcEOW64dwH4Ajydi271+Hxnu6qEEzdRsnZsVnO4bQop1XfjE1QCWt8=
Received: by 10.49.8.15 with SMTP id l15mr1839947nfi.1164143774174;
        Tue, 21 Nov 2006 13:16:14 -0800 (PST)
Received: from ?192.168.0.5? ( [213.162.120.196])
        by mx.google.com with ESMTP id o9sm357067nfa.2006.11.21.13.16.12;
        Tue, 21 Nov 2006 13:16:13 -0800 (PST)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh-agent
Date: Tue, 21 Nov 2006 21:15:48 +0000
User-Agent: KMail/1.9.5
References: <Pine.LNX.4.64.0611201715010.15381@jmaa.math.ist.utl.pt> <200611211224.44524.bss03@volumehost.net> <Pine.LNX.4.64.0611211829330.8638@jmaa.math.ist.utl.pt>
In-Reply-To: <Pine.LNX.4.64.0611211829330.8638@jmaa.math.ist.utl.pt>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1408964.Is8pJUHPzW";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200611212116.02233.michaelkintzios@gmail.com>
X-Archives-Salt: ed2ca678-62a4-4557-a671-b6c489b086b6
X-Archives-Hash: d52be93e3326a83cccf14968cd161a9c

--nextPart1408964.Is8pJUHPzW
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Tuesday 21 November 2006 18:41, Jorge Almeida wrote:
> On Tue, 21 Nov 2006, Boyd Stephen Smith Jr. wrote:
> >> OK, that's what I thought. But a trojan running with the normal user
> >> permissions could get the keys by reading the temporary directory (not
> >> by connecting to the socket). Is this right?
> >
> > No.  There are no files in the temporary directory besides the socket.
> >
> >> Or are the keys protected
> >> in some other way?
> >
> > They are only stored in locked memory; they are never on disk
> > unencrypted. Anyone that can read locked memory can access them, but this
> > is very few users/processes on Linux -- and besides those same users will
> > be able to read the key as you authenticate even if you don't use
> > ssh-agent, as long as they time things right.
>
> OK, this sounds better! I posted to the gnupg-users, asking a similar
> question about gpg-agent. I guess gpg-agent works the same way.

Please post back your findings!

What happens to the /tmp/ directory & socket file after the user logs out?
Does it get deleted by the ssh-agent shutdown script?

I am asking this because I seem to continuously accumulate a load of gpg-agent
directories and socket files in my /tmp.  Unless of course gpg-agent works
on a different principle altogether.  My startup & shutdown scripts are
in /etc/X11/Sessions/fluxbox.  Are they correct for this task?
==================================================
eval "$(gpg-agent --daemon)"
/usr/bin/startfluxbox
# GPG_AGENT_INFO is "<socket path>:<pid>:<version>"; field 2 is the agent's pid
kill "$(echo "$GPG_AGENT_INFO" | cut -d: -f2)"
==================================================

Or should I have another line to 'rm -Rf /tmp/gpg-*'?
-- 
Regards,
Mick

--nextPart1408964.Is8pJUHPzW
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBFY2yS5Fp0QerLYPcRAj92AJ44RhF4/dGW2Xqv3AonkMnNgjegEACgwiXr
iwVwdfO7VypBcgVceeJF7iM=
=5eI+
-----END PGP SIGNATURE-----

--nextPart1408964.Is8pJUHPzW--
-- 
gentoo-user@gentoo.org mailing list
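The session wrapper Mick posts above kills the agent by pid but has no fallback if the agent (or the whole X session) dies before the `kill` line runs, which is exactly the case that leaves /tmp/gpg-XXXXXX directories behind. The script below is an added example, not code from the thread or from GnuPG: it assumes the GnuPG 1.4 / 2.0 convention that `gpg-agent --daemon` prints `GPG_AGENT_INFO=<socket path>:<pid>:<version>`, and the function names (`agent_socket`, `agent_pid`, `agent_dir`, `stop_agent`) are our own. It terminates the agent via a trap so the cleanup runs however the session ends, and removes only the one socket directory it started, rather than globbing `/tmp/gpg-*`, which on a shared machine also matches other sessions' and other users' agents.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the GnuPG 1.4 / 2.0 convention
# that `gpg-agent --daemon` prints a line such as
#   GPG_AGENT_INFO=/tmp/gpg-XXXXXX/S.gpg-agent:12345:1; export GPG_AGENT_INFO;
# i.e. "<socket path>:<pid>:<protocol version>". All function and variable
# names are our own. The helpers take the info string as an argument so they
# can be exercised without a running agent.

# Field 1: the Unix-domain socket path.
agent_socket() {
    printf '%s\n' "$1" | cut -d: -f1
}

# Field 2: the agent's process id.
agent_pid() {
    printf '%s\n' "$1" | cut -d: -f2
}

# The per-session directory the socket lives in (/tmp/gpg-XXXXXX).
agent_dir() {
    dirname "$(agent_socket "$1")"
}

# Terminate the agent named by "$1" and make sure its socket directory is gone.
# Returns 0 when the directory no longer exists, 1 on a malformed pid field or
# if the directory still holds something this script did not create.
stop_agent() {
    sa_info=$1
    sa_pid=$(agent_pid "$sa_info")
    sa_sock=$(agent_socket "$sa_info")
    sa_dir=$(agent_dir "$sa_info")

    # Refuse to kill anything unless the pid field is purely numeric.
    case $sa_pid in
        '' | *[!0-9]*) return 1 ;;
    esac

    if kill -0 "$sa_pid" 2>/dev/null; then
        kill "$sa_pid" 2>/dev/null
        # Give the agent a few seconds to exit and clean up after itself.
        sa_i=0
        while kill -0 "$sa_pid" 2>/dev/null && [ "$sa_i" -lt 5 ]; do
            sleep 1
            sa_i=$((sa_i + 1))
        done
    fi

    # A cleanly terminated agent removes its own socket. If it did not (the
    # session died, or the agent was SIGKILLed), remove only the socket we
    # know about and then the now-empty directory. Deliberately no
    # "rm -rf /tmp/gpg-*": that glob also matches directories belonging to
    # other sessions and, on a shared machine, other users.
    rm -f -- "$sa_sock"
    if [ -d "$sa_dir" ]; then
        rmdir -- "$sa_dir" 2>/dev/null
    fi
    [ ! -e "$sa_dir" ]
}

# Session wrapper: what a file under /etc/X11/Sessions/ would run. The trap
# fires when startfluxbox returns *or* when the session is killed, so the
# agent is stopped even if the window manager exits abnormally.
if [ "${1:-}" = "--session" ]; then
    eval "$(gpg-agent --daemon)"
    trap 'stop_agent "$GPG_AGENT_INFO"' EXIT HUP INT TERM
    /usr/bin/startfluxbox
fi
```

Run it with `--session` as the session script; without arguments it only defines the functions, so the helpers can be sourced and tested on their own. `rmdir` rather than `rm -r` is the safety valve: if the directory holds anything other than the socket (an `S.gpg-agent.ssh` from a newer agent, or something another process put there), the function leaves it alone and reports failure instead of deleting blindly.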