UNCLASSIFIED - NO CUI

Skip to content

Delete ssh-keysign to address SUID finding.

Steven Terhar requested to merge sterhar-development-patch-96344 into development

Removing the ssh-keygen utility to address finding: "| SUID or SGID found set on file /usr/libexec/openssh/ssh-keysign. Mode: 0o102555"

Openssh is installed as a dependency of git. It doesn't appear to be necessary for proper operation of the runner helper as no end user would directly interact with the cli utilities in this container and a job token is used by the CI system for authenticating with gitlab.

Merge request reports