oss-security - Re: systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Mon, 5 Feb 2024 14:08:59 +0100
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: systemd and other system services
 (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack
 and local leak of HTTP basic auth credentials)

Hello,

On Fri, Feb 02, 2024 at 07:12:44PM +0100, Solar Designer wrote:
> Since I'm adding to a thread started with Matthias' security review of
> darkhttpd, I'd like to say that I'm impressed by his consistent effort
> to review code that few others look at and the consistently high quality
> of his findings and write-ups.  Thank you, Matthias!  Also, thank you
> SUSE for (apparently) enabling Matthias to spend time on this.

thanks a lot for the recognition!

In the face of the codebase of a complete Linux distribution there are
limits to what our team can do, but we try to invest our resources
efficiently and hope to contribute back to the community this way.
Getting feedback like this for sure motivates us to continue on this
path.

Best Regards

Matthias

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.