On Sun, Feb 11, 2001 at 12:07:39PM -0500, Andrew Brown wrote:
> > -- With the patch, the lifespan of the server key still does not go
> > below one minute. As mentioned in CORE SDI's advisory, the number
> > of server connections necessary to carry out the attack is
> > normally very large but "the number of connections given is for
> > the average case and specifics cases will fall below the
> > average". This suggests that is not entirely out of the question
> > for the attack to succeed within one minute. If that risk is not
> > appropriate in one's environment, then other measures (which may
> > include inetd/tcpserver but may also include desupporting use of
> > SSH protocol 1.5) are needed.
>
> 1) {
> 2) static time_t last_kill_time = 0;
> 3) if (time(NULL) - last_kill_time > 60 && getppid() != 1)
> 4) {
> 5) last_kill_time = time(NULL);
> 6) kill(SIGALRM, getppid());
> 7) }
> 8) fatal("Bad result from rsa_private_decrypt");
> 9) }
Am I missing something ? time(NULL) returns something (other than 0, till
2036 at least ;-)), meaning (time(NULL) - last_kill_time) will we GREATER
than 60 (remeber - has higher priority wrt evaluation than >). That in turn
assigns the current system time to last_kill_time. It is declared static,
meaning it will RETAIN its value after the function returns, making the
above code work perfectly for the time being (next ~30 years).
--
Kind regards,
Robert Varga
------------------------------------------------------------------------------
[EMAIL PROTECTED] http://hq.sk/~nite/gpgkey.txt
PGP signature
