Vulnerability Development mailing list archives

Re: Apache ap_getpass vulnerability


From: "Jon Paul, Nollmann" <sinster () DARKWATER COM>
Date: Thu, 2 Nov 2000 19:47:50 -0800

> You have an apache module that communicates via SSL with some other
> server.
> [...]
> The private key is usually password protected.

In my experience, the private key is almost never password protected.

Reason: since eventually getpass() gets called to read the password,
there is no way to redirect this information from a file.  That means
that it is impossible for the webserver to restart unattended: it will
hang waiting for the password to be input, or error-out because there
is no controlling terminal (as would be the case of a startup from
/etc/rc or its subscripts), and therefore the open of /dev/tty will
fail.  Since it's not reasonable to require the webserver to be
restarted manually at every failure, and a password-protected private
key requires exactly that, no (or few) people password-protect their
private keys.  Those few who do password-protect their private
keys arrange alternate configuration mechanisms so that they don't
have to wait on an admin to type the password at every startup.

Otherwise, you're right: if the site depends on an admin typing
a password to restart the webserver at every system boot, then
the getpass() issue arises.

--
Jon Paul Nollmann ne' Darren Senn                      sinster () balltech net
Unsolicited commercial email will be archived at $1/byte/day.
The optimist proclaims that we live in the best of all possible worlds; and
the pessimist fears this is true.
                             James Branch Cabell, The Silver Stallion, 1926


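An added illustration of the two points in the message above (example code, not from the original post or from Apache): the first function shows that open("/dev/tty"), which getpass() depends on, fails once a process has left its controlling terminal via setsid(), as a daemon started from /etc/rc has; the second is one assumed "alternate configuration mechanism", reading the passphrase from a file whose mode is checked first, so the server can restart unattended.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open /dev/tty from a child that has called setsid(), i.e. a process with
 * no controlling terminal, as a daemon started from an rc script would be.
 * Returns 1 if the open worked, 0 if it failed (errno stored in *err),
 * -1 on fork/wait error. */
int tty_usable_when_detached(int *err)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() < 0)               /* leave the inherited session */
            _exit(255);
        int fd = open("/dev/tty", O_RDWR);
        _exit(fd >= 0 ? 0 : (errno > 254 ? 254 : errno));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    *err = WEXITSTATUS(status);
    return *err == 0 ? 1 : 0;
}

/* Unattended alternative (assumed mechanism): read the passphrase from a
 * regular file not readable by group or others. Returns 0 and fills buf
 * on success, -1 otherwise. */
int read_passphrase_file(const char *path, char *buf, size_t len)
{
    struct stat st;
    if (len == 0) return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || (st.st_mode & 077)) {
        close(fd);                      /* wrong type or too permissive */
        return -1;
    }
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';  /* drop the trailing newline */
    return 0;
}
```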