From d8c718815e47c8e6ac235b5dd431cd9869181ef7 Mon Sep 17 00:00:00 2001 From: Tomi Ollila Date: Mon, 21 May 2012 21:21:07 +0300 Subject: [PATCH] small remotewrapper.mwdn tunes. Place control socket to $HOME/.ssh to disallow other users to access the socket (or defence in depth). exec the final ssh. --- remoteusage/remotewrapper.mdwn | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/remoteusage/remotewrapper.mdwn b/remoteusage/remotewrapper.mdwn index ba1daac..c86d8ce 100644 --- a/remoteusage/remotewrapper.mdwn +++ b/remoteusage/remotewrapper.mdwn @@ -15,7 +15,9 @@ # User username SSH_REMOTE_HOST=notmuch - SSH_CONTROL_PATH="-o ControlPath=/tmp/notmuch-remote.${USER}.%r@%h:%p" + + # Note: for security reasons the control socket is placed in $HOME/.ssh + SSH_CONTROL_PATH="-o ControlPath=$HOME/.ssh/notmuch-remote.%r@%h:%p" # Start a background master connection if one isn't running yet ssh ${SSH_CONTROL_PATH} -O check ${SSH_REMOTE_HOST} 2>/dev/null || @@ -26,4 +28,4 @@ # This requires the bash version of printf (bashism) printf -v ARGS "%q " "$@" - ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS} + exec ssh ${SSH_CONTROL_PATH} ${SSH_REMOTE_HOST} notmuch ${ARGS} -- 2.43.0