Moving the agent's socket to /var/run ?

Daiki Ueno ueno at
Wed Feb 24 03:41:48 CET 2016

Kristian Fiskerstrand <kristian.fiskerstrand at>

> On 02/24/2016 12:15 AM, Bertrand Jacquin wrote:
>> Hi,
>> What about using abstract sockets ?
>> These sockets are the same as Unix sockets except that there's no
>> need for any filesystem access. The address may be whatever string
>> both sides agree upon. This can be really convenient for
>> inter-process communications. Also, there is no need to take care
>> about permissions. Technically it's like a Unix socket with a zero
>> in the first byte of the address.
>> The abstract namespace was introduced with Linux. See man 7 unix.
> I'm asking because I'm not familiar with abstract sockets, but OK, it's
> implemented in Linux, but is it portable? Is it POSIX? How would this
> work with socket forwarding over SSH for gpg-agent?

In addition to portability, abstract sockets cannot take advantage of
file system based access control, and require client authentication (I
recall I got a CVE regarding this).  I would rather not mess with it.

Daiki Ueno
