From: Simple Nomad (thegnome_at_nmrc.org)
Date: Thu Jan 30 2003 - 14:28:11 CST

    On Thu, 30 Jan 2003, David Endler wrote:

    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hi Dragos,
    >
    > Non issue? Even though it's a low severity risk, isn't it plausible that
    > memory containing this sensitive information gets swapped to disk? After
    > I had ssh'd from a computer only *once* in a shared environment (kiosk,
    > lab, etc.), couldn't someone still compromise it afterward and gain
    > those credentials to other systems?

    Fine, it gets swapped to disk. If someone can get access to your swap, you
    have larger issues at work than just the ssh info. Yes, this is one of
    many issues, but if it were *me* doing the attacking, I'd replace the exe
    with one that grabbed *all* passwords, plus a dozen other malicious items.

    Secondly, if someone is serious about security, do they run an ssh
    client from a known risky environment such as a kiosk? Maybe you do -- I
    don't.

    If someone can gain access to your swap, you are fux0red, plain and
    simple. The fact that you released an advisory stating that memory and
    swap are insecure and then followed up with talk about kiosks shows you are
    not grasping the big picture. Sure you can lock mem pages (on some systems
    at least) and you can do a few other tricks but unless you 100% control
    the box you certainly can't control 100% of the information you supply to
    any process on that box. *That* is why this is a non-issue.

    - Simple Nomad - negotium -
    - thegnomenmrc.org - perambulans -
    - thegnomerazor.bindview.com - in tenebris -
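
The page locking that the message above mentions in passing, as an added example that is not part of the original thread or of any SSH client's code. It assumes POSIX `mlock` and C11 `aligned_alloc`; `secret_buf`, `secret_alloc` and `secret_free` are hypothetical names.

```c
/* Added example; secret_buf, secret_alloc and secret_free are hypothetical names. */
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    unsigned char *buf; /* page-aligned storage for the secret */
    size_t len;         /* size rounded up to whole pages */
    int locked;         /* 1 if mlock() succeeded, 0 if it was refused */
} secret_buf;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Returns 0 on success, -1 on a bad size or allocation failure. */
int secret_alloc(secret_buf *s, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE); /* -1 on error wraps, rejected below */
    s->buf = NULL; s->len = 0; s->locked = 0;
    if (want == 0 || want > (size_t)-1 - page) return -1;
    s->len = (want + page - 1) / page * page;
    s->buf = aligned_alloc(page, s->len);
    if (s->buf == NULL) { s->len = 0; return -1; }
    /* mlock() can be refused (RLIMIT_MEMLOCK, privileges); record the result
     * so the caller can decline to put a secret into swappable memory. */
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Wipe, verify, unlock, free. Returns 1 if every byte read back as zero. */
int secret_free(secret_buf *s) {
    int clean = 1;
    if (s->buf == NULL) return 1;
    wipe(s->buf, s->len);
    for (size_t i = 0; i < s->len; i++) if (s->buf[i] != 0) clean = 0;
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->locked = 0;
    return clean;
}

int main(void) {
    secret_buf s;
    if (secret_alloc(&s, 64) != 0) return 1;
    memcpy(s.buf, "constructed-secret", 19); /* constructed sample value */
    return secret_free(&s) ? 0 : 1;
}
```

Locking only keeps the page out of swap: it does nothing against someone who controls the machine, and suspend-to-disk can still write locked pages out.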