Packet Timing and Data Leaks
Howard Chu
hyc at symas.com
Wed Aug 9 01:54:16 AEST 2023
Thorsten Glaser wrote:
> On Mon, 7 Aug 2023, Howard Chu wrote:
>
>>>> The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010.
>>>> https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html
>>>
>>> Local line editing by using GNU libreadline? *shudder* No, thanks.
>>
>> I also ported it to use libedit instead, but readline is more widely used.
>
> Yeah, same point though. I actually did work with such a system once,
> namely Android adb before they removed the local line editing part
> once they had imported mksh, and it was awful. You lose any sort of
> connection to the command line input mode of the remote shell (not
> everyone uses a shell backed by libreadline/libedit), and even
> passwords would show up in the scrollback,
There's no reason for passwords to be mishandled. All ioctl's sent to the pty are
still forwarded to the other side, so the ssh client will know when the server
wants to turn echo off. It just sounds like the adb implementation was incompetent.
> etc. but the worst is the
> missing tab completion.
Tab completiom still works. The local client forwards TABs immediately to the server.
>
> I also doubt it will catch many relevant use cases, e.g. editors.
It works fine with ed and ex. A full screen editor like emacs doesn't use input lines
anyway, so that's not going to change.
>
> bye,
> //mirabilos
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the openssh-unix-dev
mailing list