Re: OpenSSH uploaded replacing ssh, please test
On Thu, Nov 04, 1999 at 03:53:03PM +0000, Philip Hands wrote:
> > And here's ssh-askpass too. Consider it public domain.
> Is that attempting to do anything to stop people sniffing the
> passphrase?
>
> It needs to do the same sorts of tricks that xdm does to ensure that
> someone hasn't run an invisible keyboard-event grabber before running
> ssh-askpass.
It grabs the X focus globally, in the same way xterm's
Secure keyboard -option and ssh-askpass seem to do.
I will not read the source of ssh-askpass, that might be
viewed as copyright infrigment (sp?).
I am no X expert, but I don't think there's more to do
than that. Unless you want to lock the pages into memory
etc..
--
Havoc Consulting | unix, linux, perl, mail, www, internet, security consulting
+358 50 5486010 | software development, unix administration, training
Reply to: