upstream: Split per-connection sshd-session binary - openssh

diff options

author	djm@openbsd.org <djm@openbsd.org>	2024-10-14 03:57:50 +0200
committer	Damien Miller <djm@mindrot.org>	2024-10-14 05:01:37 +0200
commit	6072e4c9385713e9c166f32cfca6a7e603d4f0b8 (patch)
tree	ea07b20ea04f48014ec2b958b432e3b6fc0b3b18 /regress/servcfginclude.sh
parent	upstream: don't start the ObscureKeystrokeTiming mitigations if (diff)
download	openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.tar.xz openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.zip

upstream: Split per-connection sshd-session binary

This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: