Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <99053B65-6161-46F7-A5B2-BB13B2BD6503@sijanec.eu>
Date: Wed, 24 Jan 2024 19:15:49 +0100
From: Anton Luka Šijanec <anton@...anec.eu>
To: oss-security@...ts.openwall.com
Subject: Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials

Hello,

I can see UID numbers in /proc/net/tcp6 as a non-root user even though my procfs is mounted with hidepid=invisible (ps aux only shows my processes). My system is Gentoo Linux with kernel 6.1.69. Peeking at the source, it looks like oidentd indeed reads from /proc/net/tcp6. I run oidentd on a system with hidepid=invisible and oidentd runs as a separate oidentd user and does work (tested by trying to connect to an IrcNet server).

regards

On 24 January 2024 18:39:38 CET, nightmare.yeah27@...ecat.org wrote:
>Do not the various implementations of the *ident* protocol (example: oidentd)
>rely on this interface? They are often, or always, intentionally configured
>to run as nobody or a dedicated UID.
>
>-- 
>Ian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.