Bugtraq mailing list archives
Proposed "solution" is ugly workaround, in fact [Re: severe error in SSH session key recovery patch]
From: Pavel Machek <pavel () UCW CZ>
Date: Sun, 18 Feb 2001 18:13:43 +0100
Hi!
    {
      static time_t last_kill_time = 0;
      if (time(NULL) - last_kill_time > 60 && getppid() != 1)
        {
          last_kill_time = time(NULL);
          kill(SIGALRM, getppid());
        }
      fatal("Bad result from rsa_private_decrypt");
    }

This looks more like an ugly workaround than a proper fix to me. If an attacker can do 400*60 requests per second, he can still decrypt the private key. The solution would be to reconfig after a number of _attempts_, not time.

Plus, it is still racy, as it uses kill(). What about an attacker doing 400*3600 requests before the kill actually reaches the parent?

Pavel
--
I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
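
Added example, not part of the original message and not sshd code: a small model that compares the quoted 60-second check with regeneration after a fixed number of failed decryptions, and reports the most failures any single key answers under each policy. The failure rates, the limit of 1000 and all names are constructed assumptions, and regeneration is assumed to take effect immediately, so the kill() delivery race raised above is not modelled.

```c
#include <stdio.h>

/* Constructed model, not sshd code. Each policy call stands for one failed
 * RSA decryption and returns 1 when the server key should be regenerated. */
struct time_policy  { long last_regen, interval; };     /* the quoted check   */
struct count_policy { unsigned long failures, limit; }; /* count of attempts  */

static int time_policy_fail(struct time_policy *p, long now)
{
    if (now - p->last_regen > p->interval) {  /* same test as the quoted code */
        p->last_regen = now;
        return 1;
    }
    return 0;
}

static int count_policy_fail(struct count_policy *p)
{
    if (++p->failures >= p->limit) {          /* regenerate after N attempts  */
        p->failures = 0;
        return 1;
    }
    return 0;
}

/* Replay `rate` failures per second for `seconds` seconds; return the largest
 * number of failed decryptions that any single key answered. */
unsigned long worst_exposure(int by_count, unsigned long rate, long seconds,
                             unsigned long limit)
{
    struct time_policy tp = { -61, 60 };  /* first failure triggers, as with last_kill_time = 0 */
    struct count_policy cp = { 0, limit };
    unsigned long cur = 0, worst = 0;

    for (long t = 1; t <= seconds; t++)
        for (unsigned long i = 0; i < rate; i++) {
            int regen = by_count ? count_policy_fail(&cp)
                                 : time_policy_fail(&tp, t);
            if (++cur > worst)
                worst = cur;
            if (regen)
                cur = 0;                  /* new key: exposure starts over */
        }
    return worst;
}

int main(void)
{
    printf("time-based,  400/s: %lu\n", worst_exposure(0, 400, 300, 0));
    printf("count-based, 400/s: %lu\n", worst_exposure(1, 400, 300, 1000));
    return 0;
}
```

Under the time-based check the per-key exposure scales with the request rate, while the count-based check holds it at the configured limit whatever the rate.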