Re: systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials)

[Matthias Gerstner <mgerstner () suse de>]

Hello,

On Fri, Feb 02, 2024 at 07:12:44PM +0100, Solar Designer wrote:
> Since I'm adding to a thread started with Matthias' security review of
> darkhttpd, I'd like to say that I'm impressed by his consistent effort
> to review code that few others look at and the consistently high quality
> of his findings and write-ups.  Thank you, Matthias!  Also, thank you
> SUSE for (apparently) enabling Matthias to spend time on this.

thanks a lot for the recognition!

In the face of the codebase of a complete Linux distribution there are
limits to what our team can do, but we try to invest our resources
efficiently and hope to contribute back to the community this way.
Getting feedback like this for sure motivates us to continue on this
path.

Best Regards

Matthias

Attachment: signature.asc
Description: