httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: half-OT: heartbleed CVE-2014-0160
Date Wed, 09 Apr 2014 11:53:20 GMT
On 09 Apr 2014, at 1:48 PM, Reindl Harald <h.reindl@thelounge.net> wrote:

> after update openssl and re-new all certificates one question
> remains: in case of httpd-prefork would a attacker only have
> been able to compromise the private key and data of his
> worker-process or as well access the memory of other workers?

In the case of prefork this wouldn't be true, no - they would only be able to compromise the
memory of that process only. They may be able to access username/passwords from previous requests
if they were still visible.

In the case of the worker and event mpms, the memory of other workers could be compromised,
yes.

Regards,
Graham
--


Mime
View raw message