summaryrefslogtreecommitdiffstats
path: root/kexecdh.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2024-10-14 03:57:50 +0200
committerDamien Miller <djm@mindrot.org>2024-10-14 05:01:37 +0200
commit6072e4c9385713e9c166f32cfca6a7e603d4f0b8 (patch)
treeea07b20ea04f48014ec2b958b432e3b6fc0b3b18 /kexecdh.c
parentupstream: don't start the ObscureKeystrokeTiming mitigations if (diff)
downloadopenssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.tar.xz
openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.zip
upstream: Split per-connection sshd-session binary
This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
Diffstat (limited to 'kexecdh.c')
0 files changed, 0 insertions, 0 deletions