Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials

Open Source Security 

Posted by Hanno Böck on Jan 23

I’d like to comment on that.
While "on Linux" *in most distros' default settings* this is true, the
Linux kernel has actually had a mitigation for this for quite a while.

This is a feature that I believe was initially introduced by
grsecurity, but was later ported as an option to the mainline kernel.
/proc can be mounted with the hidepid option (ideally set to hidepid=2)
[1], with it enabled users cannot see processes of other users….
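
One way to check which procfs mounts use the hidepid option mentioned above, as an added example that is not part of the original post. The function names and the sample mount table are constructed for illustration; the named values (noaccess, invisible, ptraceable) are the aliases newer kernels accept for 1, 2 and 4.

```shell
#!/bin/sh
# Added example: classify the hidepid setting of every procfs mount.
# check_hidepid reads mounts-format text (the layout of /proc/mounts)
# on stdin and prints "<mountpoint> <setting> <verdict>" per proc mount.
check_hidepid() {
    # Fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "proc" ] || continue
        setting="unset"
        # Options are comma-separated; pick out hidepid=<value> if present.
        old_ifs=$IFS; IFS=,
        for opt in $opts; do
            case "$opt" in
                hidepid=*) setting="${opt#hidepid=}" ;;
            esac
        done
        IFS=$old_ifs
        case "$setting" in
            # Other users' /proc/<pid> directories are not listed at all.
            2|invisible)  verdict="hidden" ;;
            # PIDs are listed, but their contents (cmdline etc.) are unreadable;
            # ptraceable shows only processes the caller may ptrace.
            1|noaccess|4|ptraceable) verdict="restricted" ;;
            # No hidepid (or 0/off): every user can read other users' cmdline.
            *)            verdict="visible" ;;
        esac
        printf '%s %s %s\n' "$mnt" "$setting" "$verdict"
    done
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
proc /srv/build/proc proc rw,relatime,hidepid=invisible 0 0
proc /srv/ci/proc proc rw,relatime,hidepid=1 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
EOF
}

sample_mounts | check_hidepid
```

On a live system, run `check_hidepid < /proc/mounts`; any mount reported as `visible` still exposes other users' command lines.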