On 2014-04-14 17:52, Damien Miller wrote:
It's easy to determine whether sshd is at fault here. Just replace
curl with 'cat' of a >12KB file.
>
It works when doing a cat from a file, it looks more like an issue with the
pipe mechanism. For example, this works, regardless of the size of the file:
#!/bin/bash
curl -s --compressed http://someurl.example.com/pubkeys/$1 >somefile
cat somefile
I created a bash script that runs
#!/bin/bash
curl -s --compressed http://someurl.example.com/pubkeys/$1
this is terrifying.
Why? DNS hijacking, man in the middle attack? Risk when the web server is
compromised (we are using S3 here)?
--
Yves.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev