HackerTrans
TopNewTrendsCommentsPastAskShowJobs

42wim

no profile record

comments

42wim
·hace 3 meses·discuss
I've (well, mostly Claude did) created a module that unloads the active AF_ALG (builtin) module and mitigates the exploit without having to reboot.

Tested on almalinux8/9

https://gist.github.com/42wim/2e3cc3c92333e4c2730541e6f0e038...

YMMV
42wim
·hace 2 años·discuss
I've done the same with https://github.com/42wim/ssh-agentx/ Originally used to sign git commits with pgp in the sshagent, before ssh git commit signing was a thing.

Nowadays, I'm using it for signing code remotely on a server with a yubikey on the local laptop. (needs a patched relic - https://github.com/42wim/relic/tree/sshtoken)

Also works with windows as it uses https://github.com/buptczq/WinCryptSSHAgent that did the hard work to get it to talk with almost everything that exists in windows/wsl/putty etc.