Use |mprotect()| to secure key data ? / was: Re: Proposal: always handle keys in separate process
Ángel González
keisial at gmail.com
Wed Jan 20 11:41:13 AEDT 2016
On 20/01/16 00:18, Roland Mainz wrote:
> On Tue, Jan 19, 2016 at 11:53 PM, Ángel González <keisial at gmail.com> wrote:
>> That won't work when the data was recovered because it was read inside
>> a stdio buffer which was not overwritten before being freed.
> Why is stdio used in such a security-sensitive area anyway ? Is there
> any performance impact if the code is switched to plain { |open()|,
> |read()|, ... } (with sufficient wrappers for |EINTR| handling) ?
Probably not, and in fact I would favor changing it.
I was just pointing out that the private key leak was not in OpenSSH buffers,
which were properly zeroed, but from things like the use of stdio buffers.
Best regards
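
Added example, not part of the original message and not OpenSSH code: a sketch of the approach discussed above, reading a key file with plain |open()|/|read()| and an |EINTR| retry loop so that no stdio buffer ever holds the key, then wiping the caller's buffer. The names secure_wipe, read_full and load_secret are hypothetical, and the volatile wipe is an assumed stand-in for explicit_bzero().

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* read() up to cap bytes or EOF, retrying when a signal interrupts the call. */
static ssize_t read_full(int fd, unsigned char *buf, size_t cap)
{
    size_t off = 0;
    while (off < cap) {
        ssize_t n = read(fd, buf + off, cap - off);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n < 0) return -1;                   /* real I/O error */
        if (n == 0) break;                      /* EOF */
        off += (size_t)n;
    }
    return (ssize_t)off;
}

/* Load a secret into a caller-owned buffer with no FILE* in between, so buf is
 * the only copy this code makes. Returns the length, or -1 on error/oversize. */
ssize_t load_secret(const char *path, unsigned char *buf, size_t cap)
{
    unsigned char extra = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read_full(fd, buf, cap);
    if (n == (ssize_t)cap && read_full(fd, &extra, 1) != 0) n = -1;
    secure_wipe(&extra, 1);
    close(fd);
    if (n < 0) secure_wipe(buf, cap);  /* never hand back a partial key */
    return n;
}

int main(int argc, char **argv)
{
    unsigned char key[4096];
    ssize_t n = argc > 1 ? load_secret(argv[1], key, sizeof key) : -1;
    if (n < 0) return 1;
    printf("loaded %zd bytes\n", n);  /* use the key, then wipe before return */
    secure_wipe(key, sizeof key);
    return 0;
}
```

The kernel's page cache still holds the file contents; this only removes the extra user-space copy that a stdio buffer would leave behind.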
More information about the openssh-unix-dev mailing list