During my seminar on advanced exploitation techniques (SEAT, [1]) I
developed some methods to crack into systems via DMA (e.g. via FireWire).
As part of this I developed a program that steals loaded SSH private
keys from ssh-agents. I was astonished to find that the keys are not
immediately removed from the agent when a timeout occurs, but only the
next time the agent is queried via its socket. I have written a
__rough__ patch that should fix the problem (a timer checks every 10
seconds). Please take a look at it and, if you like it, incorporate it.
The patch can be found at [2]; more information on other things I
developed during SEAT can be found at [3], once I release the stuff (in
a few days, I think).
So far,
losTrace a.k.a. David R. Piegdon
[1] Seminar of Advanced Exploitation Techniques
http://www-i4.informatik.rwth-aachen.de/content/teaching/seminars/sub/2006_2007_seat_seminar.html
[2] Rough patch that fixes the ssh-agent timeout problem
http://david.piegdon.de/SEAT/ssh-agent.patch
[3] More information on my stuff
http://david.piegdon.de/products.html
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
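The timeout behaviour the message describes, modelled as an added Python example. This is not code from the post, from the linked patch or from OpenSSH: a toy in-memory agent with two expiry strategies, one that purges dead keys only while servicing a socket request and one that also runs a check every 10 seconds from a timer, so the difference in how long expired key material stays resident (and readable by anything that can read agent memory, such as a DMA attacker) can be measured. The clock is injected rather than real so the scenarios run deterministically; `PLACEHOLDER_KEY`, the class and function names, and the 10-second `REAP_INTERVAL` are this example's assumptions.

```python
"""Toy model of ssh-agent key lifetimes: lazy expiry vs. a periodic check.
Added example, not code from the post, its patch or OpenSSH."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

REAP_INTERVAL = 10  # seconds between timer-driven expiry checks (assumed)
PLACEHOLDER_KEY = b"constructed filler standing in for a private key blob"


@dataclass
class Identity:
    comment: str
    secret: bytearray        # key material resident in agent memory
    death: Optional[float]   # absolute expiry time; None means no lifetime


class FakeClock:
    """Deterministic stand-in for a monotonic clock that also drives timers."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, agent: "LazyAgent", seconds: int) -> None:
        # One-second steps so the agent's timer hook sees every tick.
        for _ in range(seconds):
            self.now += 1.0
            agent.on_timer()


class LazyAgent:
    """Expired identities are dropped only when a client talks to the socket."""

    def __init__(self, clock: Callable[[], float]) -> None:
        self.clock = clock
        self.ids: Dict[str, Identity] = {}

    def add(self, comment: str, secret: bytes, lifetime: Optional[int] = None) -> None:
        death = None if lifetime is None else self.clock() + lifetime
        self.ids[comment] = Identity(comment, bytearray(secret), death)

    def _reap(self) -> None:
        now = self.clock()
        dead = [c for c, i in self.ids.items() if i.death is not None and i.death <= now]
        for comment in dead:
            ident = self.ids.pop(comment)
            # Best-effort scrub before dropping the buffer; Python cannot
            # guarantee that no other copy of the bytes exists.
            for k in range(len(ident.secret)):
                ident.secret[k] = 0

    def on_timer(self) -> None:
        """No timer in the lazy agent: nothing happens while it sits idle."""

    def request_identities(self) -> List[str]:
        """A client request on the socket: purge expired keys, then answer."""
        self._reap()
        return sorted(self.ids)

    def resident_identities(self) -> List[str]:
        """What a raw memory read (e.g. over DMA) would still find."""
        return sorted(self.ids)


class ReapingAgent(LazyAgent):
    """Same agent plus a periodic expiry check independent of client traffic."""

    def __init__(self, clock: Callable[[], float]) -> None:
        super().__init__(clock)
        self.last_reap = clock()

    def on_timer(self) -> None:
        if self.clock() - self.last_reap >= REAP_INTERVAL:
            self._reap()
            self.last_reap = self.clock()


def idle_snapshot(agent_cls, lifetime: int = 30, observe_at: int = 35):
    """Add one key with `lifetime`, leave the agent idle until `observe_at`,
    and return (keys resident in memory then, keys listed once a client asks)."""
    clock = FakeClock()
    agent = agent_cls(clock)
    agent.add("id_rsa", PLACEHOLDER_KEY, lifetime)
    clock.advance(agent, observe_at)          # no client ever connects
    resident = agent.resident_identities()
    return resident, agent.request_identities()


def seconds_exposed_past_expiry(agent_cls, lifetime: int, first_request_at: int) -> float:
    """Seconds the key stays resident after its lifetime ends when the first
    socket request only arrives at `first_request_at`."""
    clock = FakeClock()
    agent = agent_cls(clock)
    agent.add("id_rsa", PLACEHOLDER_KEY, lifetime)
    while clock.now < first_request_at:
        clock.advance(agent, 1)
        if not agent.resident_identities():
            return clock.now - lifetime       # purged by the timer
    agent.request_identities()                # first socket query purges it
    return clock.now - lifetime


if __name__ == "__main__":
    for cls in (LazyAgent, ReapingAgent):
        print(cls.__name__, idle_snapshot(cls), seconds_exposed_past_expiry(cls, 25, 600))
```

With no client traffic, the lazy agent still holds the 30-second key at second 35 and only drops it when a request finally arrives; with a 10-second timer the key is gone by second 30, and the worst-case overrun past the deadline is bounded by the timer interval rather than by how long the user stays idle.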