From: Tomi Ollila <tomi.ollila@iki.fi>
Date: Mon, 21 May 2012 18:21:07 +0000 (+0300)
Subject: small remotewrapper.mwdn tunes.
X-Git-Url: https://git.cworth.org/git?p=notmuch-wiki;a=commitdiff_plain;h=d8c718815e47c8e6ac235b5dd431cd9869181ef7

small remotewrapper.mwdn tunes.

Place control socket to $HOME/.ssh to disallow other users to access
the socket (or defence in depth).

exec the final ssh.
---

diff --git a/remoteusage/remotewrapper.mdwn b/remoteusage/remotewrapper.mdwn
index ba1daac..c86d8ce 100644
--- a/remoteusage/remotewrapper.mdwn
+++ b/remoteusage/remotewrapper.mdwn
@@ -15,7 +15,9 @@
     #     User username
     
     SSH_REMOTE_HOST=notmuch
-    SSH_CONTROL_PATH="-o ControlPath=/tmp/notmuch-remote.${USER}.%r@%h:%p"
+
+    # Note: for security reasons the control socket is placed in $HOME/.ssh
+    SSH_CONTROL_PATH="-o ControlPath=$HOME/.ssh/notmuch-remote.%r@%h:%p"
     
     # Start a background master connection if one isn't running yet
     ssh ${SSH_CONTROL_PATH} -O check ${SSH_REMOTE_HOST} 2>/dev/null ||
@@ -26,4 +28,4 @@
     
     # This requires the bash version of printf (bashism)
     printf -v ARGS "%q " "$@"
-    ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS}
+    exec ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS}