NOT APPROVED: keychain

Ville Skyttä ville.skytta at iki.fi
Fri Aug 5 11:56:21 UTC 2005


Reporting this here because there's no Bugzilla component for keychain
yet:

I noticed a problem with the opt-in mechanism in the keychain package.
When a user who has done the opt-in and has such a ssh-agent running
runs "sudo -s", a new keychain/ssh-agent appears to be executed as root,
but using the original user's keys.  This does not happen if I use the
old way of stuffing the commands from the man page to ~/.bash_profile.
Plain "su" or "su -" seem to behave as expected, no matter if the
~/.keychainrc or ~/.bash_profile way is being used.

This looks like a serious issue which needs to be addressed before
distributing the package, so I take back my approval.  I have no time to
debug it further right now.

On a related cosmetic note, /etc/profile.d/keychain.sh mixes the
"source" and "." ways to source stuff, it'd be better to stick with one
of them.




More information about the scm-commits mailing list