There is a security problem with ssh on some Unix platforms.
Actually, the problem is with the platforms themselves, not
with ssh, but nevertheless.
Problem cause:
Some Unix kernels do not clean up memory before they give
it back to the free memory pool.
Scenario:
One makes a sniffer program that finds all running ssh processes and
ssh-agents, too. When one of those quits, the sniffer starts
malloc()ing like crazy in the hope of claiming the memory area used by the
just-terminated ssh process. If the kernel didn't clean up the
memory area, then you can go in and scan your malloc'd area for private
keys, passphrases, passwords, whatever.
This is not a problem on Linux, where the kernel cleans up the fallout
left over by processes. However, at least HP-UX and Tru64 Unix do NOT
do anything to the memory before the kernel gives it away
for others to use.
So, could ssh be changed to destroy itself from memory just before it
exits? That would at least reduce the chances of the above succeeding. One
might still be able to crash an ssh process in some way that leaves its
data area intact, but that is an order of magnitude more difficult than
just having it exit normally. Of course, the cleanup is a job for the
Unix kernel, but how quickly are the manufacturers going to change
their kernel code and release patches?
ArNO
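The mitigation asked for above, "destroy itself from memory just before it exits", comes down to two things: keeping track of every heap buffer that holds key material, and overwriting each one with a zeroing loop the compiler cannot optimise away before the buffer is freed or the process exits. The following is an added example written for this page, not code from ssh or from the original poster. The registry (alloc_sensitive / scrub_all_sensitive), the volatile-pointer secure_zero and the sample passphrase are all constructed for the demonstration; explicit_bzero()/memset_s() do the same job where they exist but are not assumed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SENSITIVE 32

/* Registry of heap buffers holding key material, so every one of them
 * can be scrubbed in a single place just before the process exits.
 * (Constructed for this example; ssh itself keeps no such table.) */
static struct { unsigned char *p; size_t n; } sensitive[MAX_SENSITIVE];
static size_t n_sensitive = 0;

/* Overwrite n bytes with zeros through a volatile pointer. A plain
 * memset() before free()/exit() is a "dead store" that optimising
 * compilers are allowed to delete; the volatile access is not. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* malloc() a buffer and remember it for scrubbing at exit.
 * Returns NULL if the registry is full or malloc() fails. */
void *alloc_sensitive(size_t n)
{
    if (n_sensitive >= MAX_SENSITIVE)
        return NULL;
    unsigned char *p = malloc(n);
    if (p == NULL)
        return NULL;
    sensitive[n_sensitive].p = p;
    sensitive[n_sensitive].n = n;
    n_sensitive++;
    return p;
}

/* Zero and free every registered buffer. Returns how many were scrubbed. */
size_t scrub_all_sensitive(void)
{
    size_t done = 0;
    for (size_t i = 0; i < n_sensitive; i++) {
        secure_zero(sensitive[i].p, sensitive[i].n);
        free(sensitive[i].p);
        sensitive[i].p = NULL;
        sensitive[i].n = 0;
        done++;
    }
    n_sensitive = 0;
    return done;
}

/* atexit() hook: runs on any normal exit(), including exit from a
 * signal handler that calls exit(). It does nothing for SIGKILL or a crash. */
static void scrub_at_exit(void) { (void)scrub_all_sensitive(); }
int install_exit_scrub(void) { return atexit(scrub_at_exit); }

/* The attacker's side of the scenario: scan a memory area for a known
 * pattern. Returns 1 if `pattern` occurs anywhere in buf[0..n). */
int contains(const unsigned char *buf, size_t n, const char *pattern)
{
    size_t m = strlen(pattern);
    if (m == 0 || m > n)
        return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, pattern, m) == 0)
            return 1;
    return 0;
}

/* Load a constructed sample passphrase into a registered buffer, scrub it
 * explicitly, and check that the scan no longer finds it.
 * Returns 1 on success, 0 if residue survived, -1 on allocation failure. */
int demo_scrub(void)
{
    const char *passphrase = "correct horse battery staple"; /* constructed */
    const size_t n = 4096;
    unsigned char *buf = alloc_sensitive(n);
    if (buf == NULL)
        return -1;
    memset(buf, 'A', n);                               /* filler */
    memcpy(buf + 100, passphrase, strlen(passphrase)); /* secret in the heap */
    int before = contains(buf, n, passphrase);         /* 1: visible to a scan */
    secure_zero(buf, n);
    int after = contains(buf, n, passphrase);          /* 0: gone */
    return (before == 1 && after == 0) ? 1 : 0;
}

int main(void)
{
    install_exit_scrub();   /* everything still registered is zeroed on exit() */
    printf("scrub before free left no residue: %s\n", demo_scrub() == 1 ? "yes" : "no");
    return 0;               /* returning from main calls the atexit hook */
}
```

The atexit() hook only covers normal termination; as the post notes, a process that is crashed or killed with an uncatchable signal still leaves its pages to the kernel untouched, and the same secret may also survive in copies the process never tracked (stack temporaries, stdio buffers, a realloc()'d block's old location, swap, core dumps). Scrubbing narrows the window; it does not replace a kernel that zeroes pages before reusing them.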