[source] dropbear: hide dropbear version

LEDE Commits lede-commits at lists.infradead.org
Sat Sep 10 03:18:13 PDT 2016


nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/96f0bbe91d2176284324c4d9b4839b6878148602

commit 96f0bbe91d2176284324c4d9b4839b6878148602
Author: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
AuthorDate: Wed Sep 7 17:23:51 2016 +0100

    dropbear: hide dropbear version
    
    As security precaution and to limit the attack surface based on
    the version reported by tools like nmap mask out the dropbear
    version so the version is not visible anymore by snooping on the
    wire. Version is still visible by 'dropbear -V'
    
    Based on a patch by Hans Dedecker <dedeckeh at gmail.com>
    
    Signed-off-by: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
    Signed-off-by: Felix Fietkau <nbd at nbd.name> [remove trailing _]
---
 package/network/services/dropbear/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 36bcb4a..b80f4d5 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -105,6 +105,10 @@ define Build/Configure
 	  mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
 	done
 
+	# remove protocol idented software version number
+	$(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
+		$(PKG_BUILD_DIR)/sysoptions.h
+
 	# Enforce rebuild of svr-chansession.c
 	rm -f $(PKG_BUILD_DIR)/svr-chansession.o
 endef



More information about the lede-commits mailing list