Comments by "Mikko Rantalainen" (@MikkoRantalainen) on "Insane Vulnerability In OpenSSH Discovered" video.
TL;DR: ssh was supposed to be single-threaded but was executed as effectively multi-threaded thanks to SIGALRM being implemented incorrectly (a single-threaded program should not cause any non-volatile changes to program state from a SIGALRM handler). Had all of ssh been written as multi-threaded code, the SIGALRM handler would have worked as expected because it would have had to use proper locking to access shared memory structures. Of course, that would have been true only if somebody had been able to write correct multi-threaded code in C – that is, without any security vulnerabilities. Even the Linux kernel fails this every now and then. Human programmers are not careful enough to write security-sensitive code in C except for random happy mistakes.

Update: 41:05 Yes, in other words it's a re-entrancy bug. Shouldn't happen in single-threaded code in theory, but incorrectly written signal handlers can break those assumptions.
1
48:07 "I like how they use word 'easily'" – I agree. It would be interesting to hear what kind of task the authors would call "barely controllable" or "nearly impossible to control".
1