CVS log for src/usr.bin/ssh/monitor.h

Request diff between arbitrary revisions

Default branch: MAIN
Current tag: OPENBSD_6_3

Revision 1.20 / (download) - annotate - [select for diffs], Wed Sep 28 16:33:07 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.19: +1 -5 lines
Diff to previous 1.19 (colored)

Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but
today it's clearly a bad idea in terms of both cryptography (cf.
multiple compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Diffs between
and

Preferred Diff type:
View only Branch:
Sort log by: