[oss-security] *Possible* ssh vulnerability
Markus Friedl
mfriedl at gmail.com
Mon May 12 18:39:49 EST 2014
On 09.05.2014 at 12:08, Dag-Erling Smørgrav <des at des.no> wrote:
> Damien Miller <djm at mindrot.org> writes:
>> The memory dump seems to indicate a post-auth process (and possibly
>> sftp-server/internal-sftp), so it's surprising it could see the
>> password hash to begin with and it would be highly unlikely to see
>> anything else that is sensitive.
>
> (caveat: my recollection of the privsep model is slightly hazy; is there
> a whitepaper somewhere?)
http://www.citi.umich.edu/u/provos/ssh/privsep.html
-m