
Bug#298689: What do you gain?



Nick Phillips wrote:
> Using a passphrase on your ssl keys should mean that "someone" is unable
> to take them and use them elsewhere without your knowledge.

You do realise that anyone with root access on your machine while apache
is running can just yank the unencrypted key right out of apache's
memory space, right?  This is obviously true, since if apache didn't
keep either your key or your passphrase (which would amount to the same
thing) in memory at all times, it would have to ask you for your
passphrase on each incoming connection.

... Adam


