[oss-security] *Possible* ssh vulnerability

Markus Friedl mfriedl at gmail.com
Mon May 12 18:39:49 EST 2014


On 09.05.2014 at 12:08, Dag-Erling Smørgrav <des at des.no> wrote:

> Damien Miller <djm at mindrot.org> writes:
>> The memory dump seems to indicate a post-auth process (and possibly
>> sftp-server/internal-sftp), so it's surprising it could see the
>> password hash to begin with and it would be highly unlikely to see
>> anything else that is sensitive.
> 
> (caveat: my recollection of the privsep model is slightly hazy; is there
> a whitepaper somewhere?)


http://www.citi.umich.edu/u/provos/ssh/privsep.html

-m

