zlib compression, the exploit, and OpenSSH

[Damien Miller]

On Wed, 13 Mar 2002, ewheeler at kaico.com wrote:

> Damien --
> 
> I should have tagged this on my previous email, but oops!
> 
> > > 2.  What are the logistics of moving all non-critical external library
> > > calls (zlib in this case, but others if they exist) *after*
> > > authentication?
> > 
> > Not easy, what's "non-critical"?
> 
> Well, zlib could be considered "non-critical" before authentication --
> The amount of data passed during authentication is small and need not be
> compressed (IMO).  I am not familiar enough with OpenSSH's code to know if
> there are other superflous calls, and none of the debug output gives a
> hint to something which could wait until after auth.  
> 
> As I understand the SSH protocol, enabling zlib compression
> (SSH_CMSG_REQUEST_COMPRESSION) /could/ be done after authentication if the
> code to handle SSH_CMSG_REQUEST_COMPRESSION was implemented in the body of
> the ssh protocol rather than only during prep.  If this breaks RFC, it
> could be an option in sshd_config and ssh_config so other ssh
> implementations can still work with it if necessary.

Those messages are for SSH protocol 1 only. The only way you could do it
for SSH protocol 2 is to perform a rekey after authentication. 

This effort would be better spent getting Niels' privsep code running 
properly.

-d