ssh-agent does not immediately clean timed-out keys from memory

openssh at p23q.org openssh at p23q.org
Sat Feb 24 05:10:32 EST 2007


during my seminar of advanced exploitation techniques (SEAT, [1]) i
developed some methods to crack into a system via DMA (e.g. via firewire).
as part of this i developed a program that steals loaded ssh private
keys from ssh-agents. i was astonished to find that the keys are not
immediately removed from the agent when a timeout occurs, but only the
next time the agent is queried via its socket. i have written a
__rough__ patch that should fix the problem (a timer checks every 10
seconds). please take a look at it and, if you like it, incorporate it.

the patch can be found at [2], more information on other things i
developed during SEAT can be found at [3] - once i release the stuff (in
a few days, i think).


so far

losTrace  a.k.a.  David R. Piegdon


[1] seminar of advanced exploitation techniques
http://www-i4.informatik.rwth-aachen.de/content/teaching/seminars/sub/2006_2007_seat_seminar.html

[2] rough patch that fixes ssh-agent timeout problem
http://david.piegdon.de/SEAT/ssh-agent.patch

[3] more information on my stuff http://david.piegdon.de/products.html
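The behaviour reported above, modelled as an added example that is not part of the original post or of the author's patch: a toy agent key table (all names hypothetical) where expiry either happens only when a socket request arrives, or is additionally driven by a periodic timer that zeroes the key material in place.

```python
from dataclasses import dataclass

@dataclass
class AgentKey:
    name: str
    secret: bytearray   # mutable buffer so the material can be zeroed in place
    death: float        # absolute expiry time; 0.0 means no lifetime

class Agent:
    """Toy model of an agent key table with per-key lifetimes (hypothetical)."""
    def __init__(self, proactive: bool) -> None:
        self.proactive = proactive   # True: a timer reaps; False: only requests do
        self.keys: list[AgentKey] = []

    def add(self, name: str, secret: bytearray, lifetime: float, now: float) -> None:
        # The caller's buffer is kept, not copied, so a test can inspect "memory".
        self.keys.append(AgentKey(name, secret, now + lifetime if lifetime else 0.0))

    def reap(self, now: float) -> None:
        """Drop expired keys, overwriting their material before releasing them."""
        alive = []
        for k in self.keys:
            if k.death and k.death <= now:
                for i in range(len(k.secret)):
                    k.secret[i] = 0
            else:
                alive.append(k)
        self.keys = alive

    def tick(self, now: float) -> None:
        """Periodic timer callback (the patch's every-10-seconds check)."""
        if self.proactive:
            self.reap(now)

    def handle_request(self, now: float) -> list[str]:
        """Any socket request expires stale keys first, then answers."""
        self.reap(now)
        return [k.name for k in self.keys]

def key_readable_without_requests(proactive: bool, lifetime: float = 5.0,
                                  check_at: float = 11.0) -> bool:
    """True if the key bytes are still in memory check_at seconds after loading
    when nobody has talked to the agent socket in between (timer: every 10 s)."""
    agent = Agent(proactive)
    secret = bytearray(b"CONSTRUCTED-TEST-KEY-MATERIAL")   # constructed, not a real key
    agent.add("id_test", secret, lifetime, now=0.0)
    for t in range(10, int(check_at) + 1, 10):
        agent.tick(float(t))
    return any(secret)
```

With `proactive=False` the expired key's bytes remain readable until the next request; with `proactive=True` the timer wipes them at the first tick after the lifetime ends.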
