Packet Timing and Data Leaks

Thorsten Glaser t.glaser at tarent.de
Tue Aug 8 03:06:19 AEST 2023


On Mon, 7 Aug 2023, Howard Chu wrote:

>>> The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010.
>>> https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html
>>
>> Local line editing by using GNU libreadline? *shudder* No, thanks.
>
>I also ported it to use libedit instead, but readline is more widely used.

Yeah, same point though. I actually did work with such a system once,
namely Android adb before they removed the local line editing part
once they had imported mksh, and it was awful. You lose any sort of
connection to the command line input mode of the remote shell (not
everyone uses a shell backed by libreadline/libedit), and even
passwords would show up in the scrollback, etc. but the worst is the
missing tab completion.

I also doubt it will catch many relevant use cases, e.g. editors.

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
	-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL


More information about the openssh-unix-dev mailing list