Potential DoS against forwarded ssh-agent

Damien Miller djm at mindrot.org
Thu Jan 6 09:28:21 EST 2005


Daniel Kahn Gillmor wrote:
> Does anyone have any thoughts about this issue?  What would it take to
> get this patch (or something like it) included in OpenSSH?
> 
> Or am i barking up the wrong tree?  Is this not really a potential
> DoS?  Or does my proposed patch not resolve the problem?

I don't really think that this is a problem - if an attacker has access
to a ssh-agent socket, then clearing your keys or locking the agent are
about the kindest things they can do for you.

-d




More information about the openssh-unix-dev mailing list