vulnerability with ssh-agent
joshua stein
jcs at rt.fm
Thu Jul 15 06:02:38 EST 2004
> > if you have "an intruder with root privileges", you have bigger
> > problems
>
> Actually not necessarily so. The intruder with root privileges may have
> broken in on my home system, but that is something I can deal with.
> The intruder can via these techniques get access to some servers
> where I have stored my dsa keys, and that would be a much bigger problem.
and if i had root on your machine, what's to stop me from
backdooring the ssh client/server, terminal handling, or anything
else to completely bypass whatever changes you're requesting be made
here?
More information about the openssh-unix-dev
mailing list