On Sat, Feb 24, 2007 at 10:18:38AM +1100, Darren Tucker wrote:
> On Fri, Feb 23, 2007 at 06:10:32PM +0000, openssh@p23q.org wrote:
> > during my seminar of advanced exploitation techniques (SEAT, [1]) i
> > developed some methods to crack into system via DMA (e.g. via firewire).
> > as part of this i developed a program that steals loaded ssh private
> > keys from ssh-agents. i was astonished to find that the keys are not
> > immediately removed from the agent when a timeout occurs, but only the
> > next time the agent is queried via its socket. i have written a
> > __rough__ patch that should fix the problem (a timer checks every 10
> > seconds). please take a look at it and, if you like it, incorporate it.
>
> Overloading the sigalrm handler seems unnecessarily complex when select(2)
> has a perfectly good timeout parameter :-)

A slightly smaller patch that uses the existing loop in the reaper()
function to compute the next timeout.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
openssh-agent-immediate_expire2.patch
Description: Text document
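Added example, not the attached patch and not OpenSSH's own code: a minimal C sketch of the approach discussed in this thread, where the pass that reaps expired keys also computes the timeout handed to select(2), so a key is wiped when its lifetime ends rather than at the next socket query. The struct ident layout, the reap() name and the sample keys are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <sys/select.h>
#include <time.h>

/* Hypothetical stand-in for a loaded identity; not OpenSSH's own struct. */
struct ident {
    char   secret[32];  /* constructed placeholder for private key bytes */
    time_t death;       /* absolute expiry time, 0 = no lifetime set */
    int    loaded;
};

/* Wipe expired identities. Returns 1 and fills *tv with the time until the
 * earliest remaining deadline, or 0 if select(2) may block indefinitely. */
static int reap(struct ident *ids, size_t n, time_t now, struct timeval *tv)
{
    time_t next = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ids[i].loaded || ids[i].death == 0)
            continue;
        if (ids[i].death <= now) {
            volatile char *p = ids[i].secret;   /* volatile: keep the wipe */
            for (size_t k = 0; k < sizeof ids[i].secret; k++)
                p[k] = 0;
            ids[i].loaded = 0;
        } else if (next == 0 || ids[i].death < next) {
            next = ids[i].death;
        }
    }
    if (next == 0)
        return 0;
    tv->tv_sec = next - now;
    tv->tv_usec = 0;
    return 1;
}

int main(void)
{
    time_t now = time(NULL);
    struct ident ids[2] = { { "constructed-key-A", now + 1, 1 },
                            { "constructed-key-B", 0, 1 } };
    struct timeval tv;
    /* A real agent passes its socket fd sets here; none are needed to show
     * that the timeout alone wakes the loop when a lifetime runs out. */
    while (reap(ids, 2, time(NULL), &tv))
        select(0, NULL, NULL, NULL, &tv);
    printf("A loaded=%d, B loaded=%d\n", ids[0].loaded, ids[1].loaded);
    return 0;
}
```

Because the deadline is recomputed on every pass, an early return from select(2) (a client request or a signal) only shortens the wait; it never delays the wipe.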
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev