oss-sec mailing list archives
Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials
From: Anton Luka Šijanec <anton () sijanec eu>
Date: Wed, 24 Jan 2024 19:15:49 +0100
Hello,

I can see UID numbers in /proc/net/tcp6 as a non-root user even though my procfs is mounted with hidepid=invisible (ps aux only shows my processes). My system is Gentoo Linux with kernel 6.1.69.

Peeking at the source, it looks like oidentd indeed reads from /proc/net/tcp6. I run oidentd on a system with hidepid=invisible and oidentd runs as a separate oidentd user and does work (tested by trying to connect to an IrcNet server).

regards

On 24 January 2024 18:39:38 CET, nightmare.yeah27 () aceecat org wrote:
> Do not the various implementations of the *ident* protocol (example: oidentd) rely on this interface? They are often, or always, intentionally configured to run as nobody or a dedicated UID.
>
> -- Ian
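The lookup discussed in this message, as an added example that is not part of the original post and is not oidentd's code: it parses /proc/net/tcp6-style rows and maps a (local port, remote port) pair of an established connection to the owning UID, which is the information an ident daemon needs. The sample rows are constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress

# Constructed sample in /proc/net/tcp6 layout (little-endian host); not real data.
SAMPLE = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0071 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000   113        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:C350 00000000000000000000000001000000:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
"""

TCP_ESTABLISHED = 0x01  # value of the "st" column for an established socket


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv6Address, port)."""
    hexaddr, hexport = field.split(":")
    # The address is four 32-bit words, each printed in host byte order.
    # Assumption: little-endian host, so every 4-byte word is reversed.
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1] for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw), int(hexport, 16)


def parse_tcp6(text):
    """Parse the table, skipping the header and any short or malformed row."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({
            "local": decode_endpoint(f[1]),
            "remote": decode_endpoint(f[2]),
            "state": int(f[3], 16),
            "uid": int(f[7]),      # owner of the socket, readable by any user
            "inode": int(f[9]),
        })
    return rows


def ident_lookup(rows, local_port, remote_port):
    """Return the UID owning the established connection, or None."""
    for r in rows:
        if (r["state"] == TCP_ESTABLISHED and r["local"][1] == local_port
                and r["remote"][1] == remote_port):
            return r["uid"]
    return None


if __name__ == "__main__":
    for row in parse_tcp6(SAMPLE):
        print(row["local"], row["remote"], "uid", row["uid"])
```

To compare against a live system, pass the contents of /proc/net/tcp6 read as an unprivileged user to `parse_tcp6` instead of `SAMPLE`.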
Current thread:
- darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials nightmare . yeah27 (Jan 24)
- Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Anton Luka Šijanec (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Solar Designer (Feb 02)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 25)