[16234] in bugtraq
Re: recovering ssh passwords from memory
daemon@ATHENA.MIT.EDU (Scott Long)
Mon Aug 14 16:14:21 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <399810AD.53558E7C@swiftview.com>
Date: Mon, 14 Aug 2000 08:30:53 -0700
Reply-To: scott@swiftview.com
From: Scott Long <scott@SWIFTVIEW.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> Note that this is not portable. If you wanted to use a similar
> approach on other systems, you might need to use f->_IO_read_base
> rather than f->_base. Also, you could instead modify the code so that
> read(2) is used for password input, avoiding stdio completely.
Correct portable solution is setvbuf(). This is ANSI and allows you
to select where you want to place the stdio buffer. Just clear it after
you're finished with it.
Scott
