Comment by staticassertion
8 hours ago
Information leaks are not uncommon at all. nginx seems like a good target for them as well (fork + exec == no re-randomize, so you have the ability to re-exec your exploit a lot of times to improve stability). edit: Seems that there's already good work in this area; I kinda forgot about BROP, gosh I'm old: https://www.scs.stanford.edu/brop/
I suppose to keep the password analogy together, people reuse passwords all the time, timing attacks exist, etc?
For this particular bug, for that to apply, you need some sort of oracle which tells you that you are actually in the same child process that skips re-randomization before you can reduce the entropy. Based on this post, I cannot see that there is a stable oracle to tell that?
I'm not making a claim about this bug, I'm saying that oracles and leaks are common and that nginx seems like a good target for them.
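As an added defender-side example, not part of the thread: the "retry a lot of times" pattern discussed above is visible on the server, because nginx respawns crashed workers with fork() alone and every new worker inherits the master's address-space layout, so the retries show up as a burst of worker crashes in the error log. The log lines, threshold and window below are constructed assumptions for this example.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# The nginx master reports a crashed worker with a line of this shape; the log
# lines below are constructed for this example, not taken from a real server.
CRASH_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[alert\] \d+#\d+: "
    r"worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)"
)
MEMORY_FAULT_SIGNALS = {7, 11}  # SIGBUS, SIGSEGV: what a wrong guess trips

def parse_crash(line):
    """Return (timestamp, pid, signal) for a worker-crash line, else None."""
    m = CRASH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
    return ts, int(m.group("pid")), int(m.group("sig"))

def find_crash_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return [(first_ts, last_ts, count)] for each burst of `threshold`
    memory-fault worker crashes inside `window`. Workers are respawned with
    fork() alone, so each one inherits the master's layout: a burst of
    SIGSEGVs is what repeated retries against that fixed layout look like."""
    recent, alerts = deque(), []
    for line in lines:
        parsed = parse_crash(line)
        if parsed is None or parsed[2] not in MEMORY_FAULT_SIGNALS:
            continue
        ts = parsed[0]
        recent.append(ts)
        while ts - recent[0] > window:      # drop crashes older than the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((recent[0], ts, len(recent)))
            recent.clear()                  # one alert per burst
    return alerts

SAMPLE_LOG = """\
2024/05/01 10:00:01 [alert] 1200#0: worker process 1301 exited on signal 11
2024/05/01 10:00:01 [notice] 1200#0: start worker process 1302
2024/05/01 10:00:03 [alert] 1200#0: worker process 1302 exited on signal 11
2024/05/01 10:00:04 [alert] 1200#0: worker process 1303 exited on signal 11
2024/05/01 10:00:05 [alert] 1200#0: worker process 1304 exited on signal 11
2024/05/01 10:00:06 [alert] 1200#0: worker process 1305 exited on signal 11
2024/05/01 10:00:07 [alert] 1200#0: worker process 1306 exited on signal 11
2024/05/01 10:00:08 [alert] 1200#0: worker process 1307 exited on signal 11
2024/05/01 11:30:00 [alert] 1200#0: worker process 1400 exited on signal 15
""".splitlines()
```

Running `find_crash_bursts(SAMPLE_LOG)` on the constructed log reports one burst of five SIGSEGV crashes within six seconds; the lone SIGTERM exit and the respawn notice are ignored.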