BUG: simple attack when control channel muxing is used (was: Re: ControlMaster question)

Christoph Anton Mitterer calestyo at scientia.net
Tue Nov 11 11:43:56 EST 2014


I've also just noted that %C is usually not enough to prevent collisions
when used in multi-user locations:

%C is the hash hover (local host, remote user, hostname, port)

I'd guess local host is needed in case of shared homedirs,.. but when it
comes to ControlPaths in locations used by multiple users, one obviously
needs local user as well.


This has of course less todo to with helping against the attacks
described above,... but more with preventing accidental collisions.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141111/a6519ac4/attachment-0001.bin>


More information about the openssh-unix-dev mailing list