Date: Wed, 24 Jan 2024 19:15:49 +0100
From: Anton Luka Šijanec <anton@...anec.eu>
To: oss-security@...ts.openwall.com
Subject: Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials

Hello,

I can see UID numbers in /proc/net/tcp6 as a non-root user even though my procfs is mounted with hidepid=invisible (ps aux only shows my processes). My system is Gentoo Linux with kernel 6.1.69. Peeking at the source, it looks like oidentd indeed reads from /proc/net/tcp6. I run oidentd on a system with hidepid=invisible and oidentd runs as a separate oidentd user and does work (tested by trying to connect to an IrcNet server).

Regards

On 24 January 2024 18:39:38 CET, nightmare.yeah27@...ecat.org wrote:
>Do not the various implementations of the *ident* protocol (example: oidentd)
>rely on this interface? They are often, or always, intentionally configured
>to run as nobody or a dedicated UID.
>
>-- 
>Ian
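The observation in the message above (socket-owner UIDs remain readable in /proc/net/tcp6 even when procfs is mounted with hidepid=invisible) can be checked on one's own host with a small parser. The following is an added example for this thread, not code from the thread, from oidentd or from darkhttpd. It parses the kernel's /proc/net/tcp6 layout (columns: sl, local_address, remote_address, st, tx/rx queue, timer, retransmits, uid, timeout, inode, ...) and reports which UIDs the table exposes; the three sample lines embedded in it are constructed, and the byte-order handling assumes the kernel's usual host-order rendering of the 128-bit address.

```python
"""Parse /proc/net/tcp6 and report which socket-owner UIDs it exposes.

Added example for the oss-security thread; not code from the thread,
from oidentd, or from darkhttpd.  The sample table below is constructed.
"""
import os
import socket
import sys

# TCP socket states as encoded in the "st" column
# (enum in the kernel's include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample (little-endian host rendering): a root-owned listener on
# port 22, plus a listener and an established connection owned by uid 1000
# on ::ffff:127.0.0.1:8080.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19034 1 0000000000000000 100 0 0 10 0
   1: 0000000000000000FFFF00000100007F:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 27311 1 0000000000000000 100 0 0 10 0
   2: 0000000000000000FFFF00000100007F:1F90 0000000000000000FFFF00000100007F:C3A2 01 00000000:00000000 00:00000000 00000000  1000        0 27520 1 0000000000000000 20 4 30 10 -1
"""


def _decode_addr(field, byteorder):
    """Turn 'HEX32:PORT' into (ipv6 text, port int).

    The kernel prints the 128-bit address as four 32-bit words in host byte
    order, so on little-endian hosts each 4-byte group is reversed before
    inet_ntop() can read it as network order.  The port is plain big-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    if byteorder == "little":
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, 16, 4))
    return socket.inet_ntop(socket.AF_INET6, raw), int(port_hex, 16)


def parse_proc_net_tcp6(text, byteorder=sys.byteorder):
    """Parse the text of /proc/net/tcp6 into a list of socket records."""
    entries = []
    for line in text.splitlines()[1:]:          # first row is the header
        cols = line.split()
        if len(cols) < 10:
            continue
        local, lport = _decode_addr(cols[1], byteorder)
        remote, rport = _decode_addr(cols[2], byteorder)
        entries.append({
            "local": local, "lport": lport,
            "remote": remote, "rport": rport,
            "state": TCP_STATES.get(int(cols[3], 16), cols[3]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),
        })
    return entries


def uids_visible(entries):
    """All socket-owner UIDs present in the table."""
    return {e["uid"] for e in entries}


def foreign_uids(entries, my_uid):
    """UIDs other than the caller's own.  With hidepid their processes are
    hidden under /proc/<pid>, yet their socket ownership still shows here."""
    return uids_visible(entries) - {my_uid}


if __name__ == "__main__":
    # Offline run over the constructed sample, then over the live table when
    # present, to show what the invoking user can read on this host.
    tables = [("sample", SAMPLE_TCP6)]
    if os.path.exists("/proc/net/tcp6"):
        with open("/proc/net/tcp6") as fh:
            tables.append(("/proc/net/tcp6", fh.read()))
    me = os.getuid() if hasattr(os, "getuid") else -1
    for label, text in tables:
        entries = parse_proc_net_tcp6(text)
        print(f"{label}: {len(entries)} sockets, owner UIDs "
              f"{sorted(uids_visible(entries))}, not mine: "
              f"{sorted(foreign_uids(entries, me))}")
        for e in entries:
            print(f"  uid={e['uid']:<6} {e['state']:<12} "
                  f"[{e['local']}]:{e['lport']} -> [{e['remote']}]:{e['rport']}")
```

Run as an unprivileged user on a host mounted with hidepid=invisible, the live pass lists owner UIDs of sockets whose processes `ps` will not show; that is the behaviour the message reports. The reason is that hidepid governs the /proc/<pid> directories, whereas /proc/net (a link to /proc/self/net) is a per-network-namespace view that the option does not cover, which is also why ident daemons can keep working under it.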
