small remotewrapper.mwdn tunes.
authorTomi Ollila <tomi.ollila@iki.fi>
Mon, 21 May 2012 18:21:07 +0000 (21:21 +0300)
committerTomi Ollila <tomi.ollila@iki.fi>
Mon, 21 May 2012 18:21:07 +0000 (21:21 +0300)
Place the control socket in $HOME/.ssh so that other users cannot access
the socket (or as defence in depth).

exec the final ssh.

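--- a/remoteusage/remotewrapper.mdwn
+++ b/remoteusage/remotewrapper.mdwn
@@ -15,7 +15,9 @@
     #     User username
     
     SSH_REMOTE_HOST=notmuch
-    SSH_CONTROL_PATH="-o ControlPath=/tmp/notmuch-remote.${USER}.%r@%h:%p"
+
+    # Note: for security reasons the control socket is placed in $HOME/.ssh
+    SSH_CONTROL_PATH="-o ControlPath=$HOME/.ssh/notmuch-remote.%r@%h:%p"
     
     # Start a background master connection if one isn't running yet
     ssh ${SSH_CONTROL_PATH} -O check ${SSH_REMOTE_HOST} 2>/dev/null ||
@@ -26,4 +28,4 @@
     
     # This requires the bash version of printf (bashism)
     printf -v ARGS "%q " "$@"
-    ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS}
+    exec ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS}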
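Review bot: The new `SSH_CONTROL_PATH` assignment in the first hunk assumes `$HOME/.ssh` already exists and is closed to other users, but nothing in the visible lines checks that, so the protection the added comment promises depends on the directory's mode. The comment could state the assumption, e.g. `# Note: the control socket is placed in $HOME/.ssh, which must be owned by you and mode 0700`, or the script could run `mkdir -p -m 700 "$HOME/.ssh"` before the `-O check` call. Because `${SSH_CONTROL_PATH}` is expanded unquoted in both hunks, a home directory containing whitespace would split the option into separate words. Since the script already requires bash, an array avoids that: `SSH_CONTROL_PATH=(-o "ControlPath=$HOME/.ssh/notmuch-remote.%r@%h:%p")` used as `"${SSH_CONTROL_PATH[@]}"`. The script starts and ends outside the hunks shown, so an existing check elsewhere cannot be ruled out.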