view debian/dropbear.postrm @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 30 Jan 2022 10:14:56 +0800
parents b0316ce64e4b
children
line wrap: on
line source

#! /bin/sh
set -e

test "$1" = 'purge' || exit 0
if test -e /etc/dropbear; then
  rm -f /etc/dropbear/dropbear_rsa_host_key
  rm -f /etc/dropbear/dropbear_dss_host_key
  rmdir --ignore-fail-on-non-empty /etc/dropbear
fi
update-rc.d dropbear remove >/dev/null
rm -f /etc/default/dropbear
rm -rf /etc/dropbear/supervise /etc/dropbear/log/supervise