Hi
i know that this is more or less off-topic but i doubt there
are better sources to ask then the httpd-developers
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
On 09 Apr 2014, at 1:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the
Am 09.04.2014 13:53, schrieb Graham Leggett:
On 09 Apr 2014, at 1:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the memory of other workers?
The address space boundary of the process is the
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller dr...@suse.de wrote:
There have been some zero-before-free changes in mozilla-nss recently.
It may be time to have object reuse issues in mind for both core and at
least the auth* modules.
The following function was added to apr-util to do that:
Am 09.04.2014 14:19, schrieb Graham Leggett:
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller dr...@suse.de wrote:
There have been some zero-before-free changes in mozilla-nss recently.
It may be time to have object reuse issues in mind for both core and at
least the auth* modules.
The
On Wed, Apr 9, 2014 at 5:48 AM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes, as well as the common ssl session
ticket key and ssl cert keys. In practice the benefits of prefork are
somewhat limited to casual attacks.
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket key and ssl cert keys. In practice
the benefits of prefork are somewhat
limited to
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket key and ssl cert keys. In practice
the
Am 09.04.2014 21:42, schrieb Rainer Jung:
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket
On 09.04.2014 21:42, Rainer Jung wrote:
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket
12 matches
Mail list logo
