Hacker News new | ask | show | jobs
by jesprenj 1240 days ago
The app in question can just dump the memory of ssh-agent and obtain the private key from there. Or not?
1 comments
tristor 1240 days ago
Usually no. It requires root / Admin to dump memory of other processes, generally. Although vulnerabilities do exist.
link
jesprenj 1240 days ago
Are you sure this is how, let's say, Linux behaves?

I tested it now in a minimal privilege account in a chroot on Debian 11 that I use for login from untrusted machines, and strace worked. This is how I captured a password entered into a ssh client password prompt, opened in another login shell of the same user:

-bash-5.1$ ps aux | grep abcde

z 2502130 0.0 0.3 9500 6132 ? S+ 18:04 0:00 ssh abcde@localhost

z 2502140 0.0 0.1 6316 2336 ? S+ 18:04 0:00 grep abcde

-bash-5.1$ strace -p 2502130

strace: Process 2502130 attached

read(4, "s", 1) = 1

read(4, "e", 1) = 1

read(4, "c", 1) = 1

read(4, "r", 1) = 1

read(4, "e", 1) = 1

read(4, "t", 1) = 1

read(4, "\n", 1) = 1

write(4, "\n", 1) = 1

ioctl(4, TCGETS, {B38400 opost isig icanon -echo ...}) = 0

link