On 09.04.2014 21:42, Rainer Jung wrote:
> On 09.04.2014 18:05, Reindl Harald wrote:
>>
>>
>> Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
>>> Combined with typical ssl session shmcb ... That single process still has
>>> session keys of other prefork processes,
>>> as well as the common ssl se
Am 09.04.2014 21:42, schrieb Rainer Jung:
> On 09.04.2014 18:05, Reindl Harald wrote:
>> Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
>>> Combined with typical ssl session shmcb ... That single process still has
>>> session keys of other prefork processes,
>>> as well as the common ssl sess
On 09.04.2014 18:05, Reindl Harald wrote:
>
>
> Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
>> Combined with typical ssl session shmcb ... That single process still has
>> session keys of other prefork processes,
>> as well as the common ssl session ticket key and ssl cert keys. In practi
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
> Combined with typical ssl session shmcb ... That single process still has
> session keys of other prefork processes,
> as well as the common ssl session ticket key and ssl cert keys. In practice
> the benefits of prefork are somewhat
> limite
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes, as well as the common ssl session
ticket key and ssl cert keys. In practice the benefits of prefork are
somewhat limited to casual attacks.
On Wed, Apr 9, 2014 at 5:48 AM, Reindl Harald wrote:
> after update openssl and re-new all certificates one question
> remains: in case of httpd-prefork would a attacker only have
> been able to compromise the private key and data of his
> worker-process or as well access the memory of other worke
Am 09.04.2014 14:19, schrieb Graham Leggett:
> On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller wrote:
>
>> There have been some zero-before-free changes in mozilla-nss recently.
>> It may be time to have object reuse issues in mind for both core and at
>> least the auth* modules.
>
> The follow
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller wrote:
> There have been some zero-before-free changes in mozilla-nss recently.
> It may be time to have object reuse issues in mind for both core and at
> least the auth* modules.
The following function was added to apr-util to do that:
/**
* @b
> after update openssl and re-new all certificates one question
> remains: in case of httpd-prefork would a attacker only have
> been able to compromise the private key and data of his
> worker-process or as well access the memory of other workers?
>
The address space boundary of the process is t
Am 09.04.2014 13:53, schrieb Graham Leggett:
> On 09 Apr 2014, at 1:48 PM, Reindl Harald wrote:
>> after update openssl and re-new all certificates one question
>> remains: in case of httpd-prefork would a attacker only have
>> been able to compromise the private key and data of his
>> worker-pro
On 09 Apr 2014, at 1:48 PM, Reindl Harald wrote:
> after update openssl and re-new all certificates one question
> remains: in case of httpd-prefork would a attacker only have
> been able to compromise the private key and data of his
> worker-process or as well access the memory of other workers?
Hi
i know that this is more or less off-topic but i doubt there
are better sources to ask then the httpd-developers
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
wo
12 matches
Mail list logo
