diff options
author | djm@openbsd.org <djm@openbsd.org> | 2024-10-14 03:57:50 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2024-10-14 05:01:37 +0200 |
commit | 6072e4c9385713e9c166f32cfca6a7e603d4f0b8 (patch) | |
tree | ea07b20ea04f48014ec2b958b432e3b6fc0b3b18 /mdoc2man.awk | |
parent | upstream: don't start the ObscureKeystrokeTiming mitigations if (diff) | |
download | openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.tar.xz openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.zip |
upstream: Split per-connection sshd-session binary
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
Diffstat (limited to 'mdoc2man.awk')
0 files changed, 0 insertions, 0 deletions