zlib compression, the exploit, and OpenSSH

Markus Friedl markus at openbsd.org
Fri Mar 15 03:36:58 EST 2002

Previous message: zlib compression, the exploit, and OpenSSH
Next message: [Bug 160] Race condition in clientloop.c?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 13, 2002 at 12:07:34PM -0800, ewheeler at kaico.com wrote:
> 2.  What are the logistics of moving all non-critical external library
> calls (zlib in this case, but others if they exist) *after*
> authentication?

this would only work if we disallowed compression
until after authentication and start to rekey
after successful authentication.

Previous message: zlib compression, the exploit, and OpenSSH
Next message: [Bug 160] Race condition in clientloop.c?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssh-unix-dev mailing list