Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)

2017-04-24 Thread Marc Haber 
On Wed, Feb 01, 2012 at 09:27:43PM +0100, Julien Cristau wrote:
> On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote:
> > Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks
> > e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it
> > is sourced before the user can get the control on the environment,
> > so that there is no good workaround.
> > 
> unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work?

As pointed out, that's a hack. More clear is this (untested) patch,
which will honor STARTSSH pulled in from, e.g. .xsessionrc

--- 90x11-common_ssh-agent  2017-04-24 12:56:05.131727153 +0200
+++ /etc/X11/Xsession.d/90x11-common_ssh-agent  2017-04-24 13:03:33.568948463 
+0200
@@ -2,12 +2,12 @@

 # This file is sourced by Xsession(5), not executed.

-STARTSSH=
+STARTSSH=${SSHAGENT:-}
 SSHAGENT=/usr/bin/ssh-agent
 SSHAGENTARGS=

 if has_option use-ssh-agent; then
-  if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
+  if [ -z "$STARTSSH" ] && [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
  && [ -z "$SSH2_AUTH_SOCK" ]; then
 STARTSSH=yes
 if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)

2012-02-01 Thread Julien Cristau 
On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote:

 Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks
 e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it
 is sourced before the user can get the control on the environment,
 so that there is no good workaround.
 
unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work?

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)

2012-02-01 Thread Vincent Lefevre 
On 2012-02-01 21:27:43 +0100, Julien Cristau wrote:
 On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote:
  Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks
  e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it
  is sourced before the user can get the control on the environment,
  so that there is no good workaround.
  
 unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work?

There are several problems with that. First, it should be done
conditionally with some heuristics, because SSH_AUTH_SOCK could
have been set in some other way, e.g. by a possible login shell
(if X was started from the command line). Another problem is that
unset SSH_AUTH_SOCK won't kill the agent, leaving a useless
process. eval `ssh-agent -k` is probably the correct command.
Also, in case of some future bug in ssh-agent, the X environment
might no longer be started because ssh-agent is the controlling
process instead of being a child of the session process; this
makes the system more sensitive to failures.

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/
100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120202002542.go3...@xvii.vinc17.org

Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)

2012-01-31 Thread Vincent Lefevre 
Package: x11-common
Version: 1:7.6+11
Severity: normal

By default, due to use-ssh-agent in /etc/X11/Xsession.options and
/etc/X11/Xsession.d/90x11-common_ssh-agent, Xsession starts ssh-agent
(as a user process). However this may clash with the user settings[*]
and even not, it may be a useless process. Xsession should not start
ssh-agent, or this should be controlled by a user-level option, not
by an admin-level one such as in /etc/X11/Xsession.options. Anyway if
the user wants to start ssh-agent, this is already possible via his
.xsession file in a more flexible way.

Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks
e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it
is sourced before the user can get the control on the environment,
so that there is no good workaround.

[*] For instance, I have a system to share the ssh-agent between
sessions (X / ssh to the machine / screen). The fact that
$SSH_AUTH_SOCK is set makes it believe that ssh-agent was already
started with this system.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages x11-common depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  lsb-base   3.2-28.1

x11-common recommends no packages.

x11-common suggests no packages.

-- debconf information:
  x11-common/xwrapper/allowed_users: Console Users Only
  x11-common/xwrapper/actual_allowed_users: console



-- 
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120131144628.ga7...@ypig.lip.ens-lyon.fr