Contributed by rueda on from the puffy-does-the-splits-again dept.
sshd-auth
as a separate binary.
The commit message summarizes why this makes sense,
Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes.
The code is in snapshots as we type.
Read the whole thing after the fold -
With the following
commit,
Damien Miller (djm@
)
continued the process of splitting
sshd(8)
into multiple binaries:
CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2024/10/13 19:57:50 Modified files: usr.bin/ssh : Makefile Makefile.inc log.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h pathnames.h sandbox-pledge.c sandbox-rlimit.c servconf.c servconf.h session.c ssh-sandbox.h sshd-session.c sshd.c usr.bin/ssh/sshd-session: Makefile Added files: usr.bin/ssh : sshd-auth.c usr.bin/ssh/sshd-auth: Makefile Log message: Split per-connection sshd-session binary This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week
Like
sshd(8)
,
ssh-session
,
and ssh-agent(1)
,
sshd-auth
gets
randomly relinked
at boot.
(We reported earlier on the initial split.)
By Jurjen Oskam (joskam) jurjen@osk.am on
This takes me back to the qmail days, the more things change...
Reply