[Bug 2615] LoginGraceTime bypass (DoS)

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Sep 15 22:56:57 AEST 2016


--- Comment #1 from Tomas Kuthan <tomas.kuthan at oracle.com> ---
Created attachment 2875
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2875&action=edit
watchdog process backing-up login_grace_time alarm

I have implemented and successfully tested a candidate fix - a single
purpose watchdog process backing up login_grace_time alarm in the main
process. If the main process doesn't authenticate or exit in
login_grace_time seconds, the watchdog kills it by SIGTERM (or
eventually SIGKILL). Patch attached.

I have rejected several other fix ideas:
- threads - unlikely to be accepted upstream
- main sshd process keeping track of unauthenticated children
    - too much logic in process listening for new connection
- allow preauth child to send signal to the monitor
    - too much privs to unprivileged process
    - wouldn't work w/o privilege separation

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list