Jethro Beekman wrote:
> I've been looking at pcache helper, trying to understand its design and
> security properties. Besides its obvious shortcomings (using only broken
> ciphers), I can't seem to answer this one simple question: it seems
> mod_nss is perfectly able to store information in between module
> unload/load (e.g. nInitCount, proc), what does it need the helper for?

I should probably remove the other ciphers and/or add newer ones. It will probably always use Triple-DES, which, while not super secure by today's standards, should be fine given the limited use case.

The tokens are cached outside of Apache for two reasons:

1. Apache unloads modules between the initial load and the final load. Only during the initial load is stdin available, so if one wanted to prompt for passwords that is your only chance. So assuming I grabbed the passwords and did key wrapping, unloading the module would also shut down NSS and the keys would be lost.

2. Process separation is a nice side-effect of this. If httpd core dumps there is very little chance of leaving token keys lying around.

Things are a LOT easier in a threaded model, but given Apache needs to spawn new listening processes the cleartext token passwords need to be kept handy.

rob
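
Added example (not code from mod_nss or from this thread): a minimal C sketch of the arrangement described in the reply, where a separate helper process keeps a token PIN across a simulated module unload. The one-byte 'S'/'R' pipe protocol, the function names and the sample PIN are assumptions made for illustration and are not the real pcache helper protocol.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#define PIN_MAX 64

static void wipe(void *p, size_t n) {       /* zeroing the compiler cannot elide */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* Helper process; hypothetical protocol: 'S' len bytes = store, 'R' = return. */
static void helper(int rd, int wr) {
    unsigned char pin[PIN_MAX], cmd, len = 0;
    while (read(rd, &cmd, 1) == 1) {
        if (cmd == 'S') {
            if (read(rd, &len, 1) != 1 || len > PIN_MAX) break;
            if (read(rd, pin, len) != (ssize_t)len) break;
        } else if (cmd == 'R') {
            if (write(wr, &len, 1) != 1 || write(wr, pin, len) != (ssize_t)len) break;
        }
    }
    wipe(pin, sizeof pin);                  /* EOF or error: clear and exit */
    _exit(0);
}
/* Returns 0 if a PIN stored at "initial load" is retrievable after our copy is wiped. */
int pin_survives_reload(const char *pin_in, char *out, size_t outlen) {
    int to_h[2], from_h[2], rc;
    size_t n = strlen(pin_in);
    unsigned char msg[2 + PIN_MAX], rlen = 0;
    if (n > PIN_MAX || pipe(to_h)) return -1;
    if (pipe(from_h)) { close(to_h[0]); close(to_h[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) { close(to_h[1]); close(from_h[0]); helper(to_h[0], from_h[1]); }
    close(to_h[0]); close(from_h[1]);
    msg[0] = 'S'; msg[1] = (unsigned char)n; memcpy(msg + 2, pin_in, n);
    rc = (pid > 0 && write(to_h[1], msg, 2 + n) == (ssize_t)(2 + n)) ? 0 : -1;
    wipe(msg, sizeof msg);                  /* simulated unload: our copy is gone */
    if (rc == 0 && (write(to_h[1], "R", 1) != 1 ||      /* simulated final load */
                    read(from_h[0], &rlen, 1) != 1 || rlen >= outlen ||
                    read(from_h[0], out, rlen) != (ssize_t)rlen)) rc = -1;
    if (rc == 0) out[rlen] = '\0';
    close(to_h[1]); close(from_h[0]);       /* EOF tells the helper to exit */
    if (pid > 0) waitpid(pid, NULL, 0);
    return rc;
}
int main(void) {
    char out[PIN_MAX + 1];                  /* the PIN below is a constructed sample */
    if (pin_survives_reload("constructed-pin-1234", out, sizeof out)) return 1;
    return printf("retrieved %zu-byte PIN after reload\n", strlen(out)) < 0;
}
```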
