Vulnerability Development mailing list archives

Re: Apache ap_getpass vulnerability


From: Simon Tamás <simont () westel900 hu>
Date: Thu, 6 Jan 2000 21:42:50 +0100



Pavel Kankovsky wrote:

> On Sun, 2 Jan 2000, Simon Tamás wrote:
>
> > Unless this is done somebody who gets access to the webserver machine,
> > and therefore can read the private-key file, can also crash the Apache
> > in such a way that he can read the password from memory. All he has to
> > know is where the static char* inside getpass is in memory.
>
> The same memory space where the decrypted private key is stored and ready
> to be extracted the same way you would extract the password, right?


One shouldn't store the decrypted private key in memory.
Instead the encrypted private key and the pass phrase should be stored.
More important than this, these values can be discarded as soon as they are
not needed, i.e. after the initial handshake.

I also think it's easier to find in memory something that's part of the
system's core than something part of an application. (I might be wrong...)

S.T.


> --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for assimilation."
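The memory-hygiene point made in this exchange (getpass's static buffer keeps the passphrase in the process image, so it should be copied out, used, and scrubbed as soon as it is no longer needed) as an added C example that is not code from the thread or from Apache. fake_getpass, secure_wipe, is_wiped and use_passphrase_once are hypothetical names; the input strings are constructed.

```c
#include <stddef.h>
#include <string.h>

#define PASS_MAX_LEN 128

/* Stand-in for getpass(3)'s static buffer: it outlives the call, so the
 * passphrase stays readable in process memory until overwritten. */
static char getpass_static[PASS_MAX_LEN];

/* Simulated prompt: fills and returns the static buffer, like getpass(). */
char *fake_getpass(const char *constructed_input) {
    strncpy(getpass_static, constructed_input, PASS_MAX_LEN - 1);
    getpass_static[PASS_MAX_LEN - 1] = '\0';
    return getpass_static;
}

/* Overwrite through a volatile pointer so dead-store elimination cannot
 * drop the write (use explicit_bzero/memset_s where the platform has them). */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte of buf[0..n) is zero. */
int is_wiped(const unsigned char *buf, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Use the passphrase once (a length check stands in for decrypting the
 * key at the initial handshake), then discard every copy of it.
 * Returns 1 only if the passphrase was accepted and both copies are gone. */
int use_passphrase_once(const char *constructed_input) {
    char local[PASS_MAX_LEN];
    char *p = fake_getpass(constructed_input);
    size_t len = strnlen(p, PASS_MAX_LEN);
    memcpy(local, p, len + 1);
    secure_wipe(p, PASS_MAX_LEN);       /* scrub getpass's static copy now */
    int ok = (len >= 8);                /* placeholder for the real use */
    secure_wipe(local, sizeof local);   /* scrub our own copy too */
    return ok && is_wiped((unsigned char *)getpass_static, PASS_MAX_LEN)
              && is_wiped((unsigned char *)local, sizeof local);
}
```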
