[Bug 2691] Add ability to disable escape char forward menu

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 14 05:34:20 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2691

--- Comment #2 from Thomas Jarosch <thomas.jarosch at intra2net.com> ---
Yes, it's true that once the machine is compromised, the attacker can
replace / patch any binary file as he pleases.

The worrysome part is the second attack stated
in "Hijacking Active SSH Sessions".

-> Is there filtering in the ssh client to prevent a remote host to
send the escape sequence for '~C' back to the client?


If so, I'm wondering a) what I tested back then in February and b) the 
patch would not be needed.

Or may be it was possible to trigger ~C from the remote server as I
used screen on the local side, too?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list