PEM file opened without DIRECT I/O which makes private key readable by attacker exploiting MELTDOWN

Raphael S. Carvalho raphaelsc at scylladb.com
Sun Jan 7 06:29:10 AEDT 2018


Hi everyone out there,

I just found out that the ssh command doesn't use DIRECT IO to open *.pem,
which means the private key goes to the page cache, which means an attacker may
exploit Meltdown to discover the user's private key. I may come up with a PoC
for that if anybody is interested. I'm basing my work on the tool I created
for checking whether a system is vulnerable by exploiting MELTDOWN; see
it here: https://github.com/raphaelsc/Am-I-affected-by-Meltdown

Check the strace output when connecting to an instance via ssh:
open("/home/utroz/.ssh/raphaelsc_aws.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0400, st_size=1696, ...}) = 0
read(4, "-----BEGIN RSA PRIVATE KEY-----\r"..., 4096) = 1696
close(4)

I think we are possibly interested in switching to DIRECT IO (given that it
bypasses any caching system, including the page cache) when reading the *.PEM
file to prevent something like this from ever happening in the future. It turns
out we can't rely on processors anymore to secure our data safely. Linux
will now be safe after the KAISER patchset, but users may have it
disabled or mistakenly run an unpatched kernel.

I'm interested in writing a patch for that, if you guys want me to. I'd
need directions on where to look (searching for it in the source code
now...) and where to send the patch to. That's going to be my first patch
for the project, and I'd be really happy about doing it.

Regards,
Raphael Carvalho.
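
An added example, not part of the original post and not OpenSSH code: what reading a small key file with O_DIRECT involves in C (aligned bounce buffer, fallback where the filesystem rejects the flag). The names read_once, read_key_nocache, DIO_ALIGN and DIO_BUF are hypothetical, and the 4096-byte alignment is an assumption.

```c
#define _GNU_SOURCE                 /* exposes O_DIRECT in <fcntl.h> */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_DIRECT                    /* feature macros were fixed by an earlier include */
#define O_DIRECT __O_DIRECT         /* glibc's internal name for the same flag */
#endif
#define DIO_ALIGN 4096              /* assumption: satisfies the device's alignment rule */
#define DIO_BUF (4 * DIO_ALIGN)     /* key files are small; anything larger is refused */

/* One read attempt with an extra open(2) flag. Returns bytes read or -1. */
static ssize_t read_once(const char *path, int flag, char *buf)
{
    struct stat st;
    ssize_t n = 0, got = 0;
    int fd = open(path, O_RDONLY | flag);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || st.st_size > DIO_BUF) {
        close(fd);
        return -1;
    }
    /* O_DIRECT wants aligned buffer, offset and length; only the read at EOF is short. */
    while (got < st.st_size && (n = read(fd, buf + got, DIO_BUF - got)) > 0)
        got += n;
    if (flag == 0)                  /* buffered fallback: ask the kernel to drop the pages */
        (void)posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
    close(fd);
    return n < 0 ? -1 : got;
}

/* Copies the file into out[cap]. Returns its length or -1; *direct is 1 if O_DIRECT was used. */
ssize_t read_key_nocache(const char *path, char *out, size_t cap, int *direct)
{
    void *buf = NULL;
    if (posix_memalign(&buf, DIO_ALIGN, DIO_BUF) != 0)
        return -1;
    ssize_t n = read_once(path, O_DIRECT, buf);
    *direct = (n >= 0);
    if (n < 0)                      /* e.g. EINVAL where the filesystem lacks O_DIRECT */
        n = read_once(path, 0, buf);
    if (n >= 0 && (size_t)n <= cap)
        memcpy(out, buf, (size_t)n);
    else
        n = -1;
    explicit_bzero(buf, DIO_BUF);   /* scrub the bounce buffer before freeing it */
    free(buf);
    return n;
}
```

An O_DIRECT read does not evict pages that an earlier buffered read of the same file already cached, and the key bytes still end up in the reading process's own memory.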


More information about the openssh-unix-dev mailing list