Re: BUG: simple attack when control channel muxing is used (was: Re: ControlMaster question)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I've also just noted that %C is usually not enough to prevent collisions
when used in multi-user locations:

%C is the hash hover (local host, remote user, hostname, port)

I'd guess local host is needed in case of shared homedirs,.. but when it
comes to ControlPaths in locations used by multiple users, one obviously
needs local user as well.


This has of course less todo to with helping against the attacks
described above,... but more with preventing accidental collisions.


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux