diff -rcb openssh-3.2.3p1/channels.c openssh-3.2.3p1-patched/channels.c
*** openssh-3.2.3p1/channels.c	Tue Apr 23 13:09:46 2002
--- openssh-3.2.3p1-patched/channels.c	Fri Jun 21 20:09:14 2002
***************
*** 2743,2749 ****
  	/* Allocate a buffer for the socket name, and format the name. */
  	auth_sock_name = xmalloc(MAXPATHLEN);
  	auth_sock_dir = xmalloc(MAXPATHLEN);
! 	strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
  
  	/* Create private directory for socket */
  	if (mkdtemp(auth_sock_dir) == NULL) {
--- 2743,2749 ----
  	/* Allocate a buffer for the socket name, and format the name. */
  	auth_sock_name = xmalloc(MAXPATHLEN);
  	auth_sock_dir = xmalloc(MAXPATHLEN);
! 	strlcpy(auth_sock_dir, "/var/run/ssh-XXXXXXXX", MAXPATHLEN);
  
  	/* Create private directory for socket */
  	if (mkdtemp(auth_sock_dir) == NULL) {
diff -rcb openssh-3.2.3p1/ssh-agent.0 openssh-3.2.3p1-patched/ssh-agent.0
*** openssh-3.2.3p1/ssh-agent.0	Wed May 22 07:11:10 2002
--- openssh-3.2.3p1-patched/ssh-agent.0	Fri Jun 21 20:10:01 2002
***************
*** 61,67 ****
       agent, and the result will be returned to the requester.  This way, priM--
       vate keys are not exposed to clients using the agent.
  
!      A unix-domain socket is created (/tmp/ssh-XXXXXXXX/agent.<pid>), and the
       name of this socket is stored in the SSH_AUTH_SOCK environment variable.
       The socket is made accessible only to the current user.  This method is
       easily abused by root or another instance of the same user.
--- 61,67 ----
       agent, and the result will be returned to the requester.  This way, priM--
       vate keys are not exposed to clients using the agent.
  
!      A unix-domain socket is created (/var/run/ssh-XXXXXXXX/agent.<pid>), and the
       name of this socket is stored in the SSH_AUTH_SOCK environment variable.
       The socket is made accessible only to the current user.  This method is
       easily abused by root or another instance of the same user.
***************
*** 84,90 ****
               Contains the protocol version 2 RSA authentication identity of
               the user.
  
!      /tmp/ssh-XXXXXXXX/agent.<pid>
               Unix-domain sockets used to contain the connection to the authenM--
               tication agent.  These sockets should only be readable by the
               owner.  The sockets should get automatically removed when the
--- 84,90 ----
               Contains the protocol version 2 RSA authentication identity of
               the user.
  
!      /var/run/ssh-XXXXXXXX/agent.<pid>
               Unix-domain sockets used to contain the connection to the authenM--
               tication agent.  These sockets should only be readable by the
               owner.  The sockets should get automatically removed when the
diff -rcb openssh-3.2.3p1/ssh-agent.1 openssh-3.2.3p1-patched/ssh-agent.1
*** openssh-3.2.3p1/ssh-agent.1	Fri Feb  8 12:02:17 2002
--- openssh-3.2.3p1-patched/ssh-agent.1	Fri Jun 21 20:10:15 2002
***************
*** 135,141 ****
  This way, private keys are not exposed to clients using the agent.
  .Pp
  A unix-domain socket is created
! .Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
  and the name of this socket is stored in the
  .Ev SSH_AUTH_SOCK
  environment
--- 135,141 ----
  This way, private keys are not exposed to clients using the agent.
  .Pp
  A unix-domain socket is created
! .Pq Pa /var/run/ssh-XXXXXXXX/agent.<pid> ,
  and the name of this socket is stored in the
  .Ev SSH_AUTH_SOCK
  environment
***************
*** 158,164 ****
  Contains the protocol version 2 DSA authentication identity of the user.
  .It Pa $HOME/.ssh/id_rsa
  Contains the protocol version 2 RSA authentication identity of the user.
! .It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
  Unix-domain sockets used to contain the connection to the
  authentication agent.
  These sockets should only be readable by the owner.
--- 158,164 ----
  Contains the protocol version 2 DSA authentication identity of the user.
  .It Pa $HOME/.ssh/id_rsa
  Contains the protocol version 2 RSA authentication identity of the user.
! .It Pa /var/run/ssh-XXXXXXXX/agent.<pid>
  Unix-domain sockets used to contain the connection to the
  authentication agent.
  These sockets should only be readable by the owner.
diff -rcb openssh-3.2.3p1/ssh-agent.c openssh-3.2.3p1-patched/ssh-agent.c
*** openssh-3.2.3p1/ssh-agent.c	Fri Apr  5 22:23:37 2002
--- openssh-3.2.3p1-patched/ssh-agent.c	Fri Jun 21 20:10:23 2002
***************
*** 893,899 ****
  	parent_pid = getpid();
  
  	/* Create private directory for agent socket */
! 	strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
  	if (mkdtemp(socket_dir) == NULL) {
  		perror("mkdtemp: private socket dir");
  		exit(1);
--- 893,899 ----
  	parent_pid = getpid();
  
  	/* Create private directory for agent socket */
! 	strlcpy(socket_dir, "/var/run/ssh-XXXXXXXX", sizeof socket_dir);
  	if (mkdtemp(socket_dir) == NULL) {
  		perror("mkdtemp: private socket dir");
  		exit(1);