I am writing to this developer's list regarding the recent Heartbleed bug.
[...]
We have in the past developed an XMHF hypapp called TrustVisor at CMU
where we propose to keep the OpenSSL private key inside an isolated
execution environment within the Apache web server. This would have
after updating OpenSSL and renewing all certificates, one question
remains: in the case of httpd-prefork, would an attacker only have
been able to compromise the private key and data of his
worker-process or as well access the memory of other workers?
The address space boundary of the process is the
Personally I like humorous or thought-provoking comments in source
files; it shows the human side of the authors.
If we want to make the whole thing bland and faceless then so be it. I
think it will be lessened as a result.
If that's sentimental then I suppose I am.
I'd
Hi there,
Revision 1198940 attempts to fix an integer overflow in ap_pregsub() in
server/util.c:394. The patch is:
--- httpd/httpd/trunk/server/util.c 2011/11/07 21:09:41 1198939
+++ httpd/httpd/trunk/server/util.c 2011/11/07 21:13:40 1198940
@@ -411,6 +411,8 @@