oss-sec mailing list archives
Re: systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials)
From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 5 Feb 2024 14:08:59 +0100
Hello, On Fri, Feb 02, 2024 at 07:12:44PM +0100, Solar Designer wrote:
Since I'm adding to a thread started with Matthias' security review of darkhttpd, I'd like to say that I'm impressed by his consistent effort to review code that few others look at and the consistently high quality of his findings and write-ups. Thank you, Matthias! Also, thank you SUSE for (apparently) enabling Matthias to spend time on this.
thanks a lot for the recognition! In the face of the codebase of a complete Linux distribution there are limits to what our team can do, but we try to invest our resources efficiently and hope to contribute back to the community this way. Getting feedback like this for sure motivates us to continue on this path. Best Regards Matthias
Attachment:
signature.asc
Description:
Current thread:
- darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials nightmare . yeah27 (Jan 24)
- Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Anton Luka Šijanec (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Solar Designer (Feb 02)
- Re: systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Matthias Gerstner (Feb 05)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 25)