[source] dropbear: hide dropbear version
LEDE Commits
lede-commits at lists.infradead.org
Sat Sep 10 03:18:13 PDT 2016
nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/96f0bbe91d2176284324c4d9b4839b6878148602
commit 96f0bbe91d2176284324c4d9b4839b6878148602
Author: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
AuthorDate: Wed Sep 7 17:23:51 2016 +0100
dropbear: hide dropbear version
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh at gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd at nbd.name> [remove trailing _]
---
package/network/services/dropbear/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 36bcb4a..b80f4d5 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -105,6 +105,10 @@ define Build/Configure
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
done
+ # remove protocol idented software version number
+ $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
+ $(PKG_BUILD_DIR)/sysoptions.h
+
# Enforce rebuild of svr-chansession.c
rm -f $(PKG_BUILD_DIR)/svr-chansession.o
endef
More information about the lede-commits
mailing list