Please sign in to comment.
Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
- Loading branch information...
Showing with 19 additions and 589 deletions.
- +1 −47 usr.bin/ssh/monitor.c
- +1 −5 usr.bin/ssh/monitor.h
- +0 −347 usr.bin/ssh/monitor_mm.c
- +0 −62 usr.bin/ssh/monitor_mm.h
- +1 −4 usr.bin/ssh/monitor_wrap.h
- +2 −2 usr.bin/ssh/myproposal.h
- +0 −3 usr.bin/ssh/opacket.h
- +6 −98 usr.bin/ssh/packet.c
- +1 −6 usr.bin/ssh/packet.h
- +2 −2 usr.bin/ssh/servconf.c
- +2 −2 usr.bin/ssh/sshconnect2.c
- +1 −9 usr.bin/ssh/sshd.c
- +2 −2 usr.bin/ssh/sshd/Makefile
Oops, something went wrong.