From RISKS: secret scrubbing code removed by optimizers
Thomas Binder
binder at arago.de
Sat Nov 9 03:41:55 EST 2002
Hi!
On Thu, Nov 07, 2002 at 03:51:44PM -0800, Gary E. Miller wrote:
> If the memset() is eliminated as "dead code", then the password
> stays on the stack. Then anyone looking at /dev/kmem can see it
> in the clear.
The question is, though, why someone having access rights to read
/dev/kmem or swap space wouldn't rather install a trojaned or
otherwise modified sshd instead to snoop credentials.
Ciao
Thomas
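
An added example, not part of the original message and not OpenSSH code: the scrubbing pattern from the quoted text, where a trailing memset() on a buffer that is never read again can be removed as a dead store, beside a wipe through a volatile pointer that the compiler has to keep. The names scrub, check_password, login_plain_memset, login_scrubbed and residue_after_scrub, and the sample password, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: zero a buffer through a volatile pointer. Each store
 * is an observable access, so the compiler may not drop it as a dead store. */
static void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

static int check_password(const char *pw)   /* constructed stand-in */
{
    return strcmp(pw, "correct horse") == 0;
}

/* Pattern from the quoted text: pw is never read after memset(), so an
 * optimizer may treat the call as dead code and leave the password behind. */
int login_plain_memset(const char *input)
{
    char pw[64];
    strncpy(pw, input, sizeof pw - 1);
    pw[sizeof pw - 1] = '\0';
    int ok = check_password(pw);
    memset(pw, 0, sizeof pw);      /* candidate for dead-store elimination */
    return ok;
}

/* Same logic, but the wipe survives optimization. */
int login_scrubbed(const char *input)
{
    char pw[64];
    strncpy(pw, input, sizeof pw - 1);
    pw[sizeof pw - 1] = '\0';
    int ok = check_password(pw);
    scrub(pw, sizeof pw);
    return ok;
}

/* Fills a buffer with a marker byte, scrubs it, and returns the number of
 * non-zero bytes left behind. */
size_t residue_after_scrub(void)
{
    unsigned char buf[64];
    size_t i, left = 0;
    memset(buf, 0xAA, sizeof buf);
    scrub(buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++) left += (buf[i] != 0);
    return left;
}
```

Where the platform provides them, explicit_bzero() (OpenBSD, glibc 2.25 and later) or the optional C11 Annex K memset_s() serve the same purpose as the hand-written scrub().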
More information about the openssh-unix-dev
mailing list