diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-09-28 16:33:06 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-09-29 03:11:32 +1000 |
commit | 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch) | |
tree | b0271896ec4d6c0e716821954212677438824a05 /monitor.h | |
parent | 27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff) | |
download | openssh-git-0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f.tar.gz |
upstream commit
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
Diffstat (limited to 'monitor.h')
-rw-r--r-- | monitor.h | 6 |
1 files changed, 1 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */ +/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -67,21 +67,17 @@ enum monitor_reqtype { }; -struct mm_master; struct monitor { int m_recvfd; int m_sendfd; int m_log_recvfd; int m_log_sendfd; - struct mm_master *m_zback; - struct mm_master *m_zlib; struct kex **m_pkex; pid_t m_pid; }; struct monitor *monitor_init(void); void monitor_reinit(struct monitor *); -void monitor_sync(struct monitor *); struct Authctxt; void monitor_child_preauth(struct Authctxt *, struct monitor *); |