nanog mailing list archives

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]


From: Larry Sheldon <LarrySheldon () cox net>
Date: Wed, 16 Apr 2014 18:12:50 -0500

On 4/16/2014 4:34 PM, Jason Iannone wrote:
I can't cite chapter and verse but I seem to remember this zeroing
problem was solved decades ago by just introducing a bit which said
this chunk of memory or disk is new (to this process) and not zeroed
but if there's any attempt to actually access it then read it back as
if it were filled with zeros, or alternatively zero it.

Isn't that a result of the language?  Low level languages give that
power to the author rather than assuming any responsibility.  Hacker
News had a fairly in-depth discussion regarding the nature of C with
some convincing opinions as to why it's not exactly the right tool to
build this sort of system with.  The gist, forcing the author of a
monster like OpenSSL to manage memory is a problem.

I dropped out of the discussion because I couldn't get a foot-hold, but I would like to know this:

If the hardware (as has been suggested) or the OS does any of this, how do diagnostic routines in or running under the OS work?

--
Requiescas in pace o email           Two identifying characteristics
                                        of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                        learn from their mistakes.
                                          (Adapted from Stephen Pinker)
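
An added example, not part of the original message or thread: the zero-on-demand behaviour described in the quoted text, shown on Linux with an anonymous `mmap` page. It assumes Linux semantics for `MADV_DONTNEED`; the function names are hypothetical and the "secret" is a constructed fill byte. The guarantee covers only pages that are new to the process, so memory recycled inside the process keeps its old contents.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count non-zero bytes in a buffer. */
static size_t nonzero_bytes(const unsigned char *p, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) count++;
    return count;
}

/* Map one private anonymous region; returns NULL on failure. */
static unsigned char *map_page(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/*
 * release_to_kernel == 0: the page stays with the process, as when an
 *                         allocator recycles a buffer without clearing it.
 * release_to_kernel == 1: MADV_DONTNEED drops the page, so the next touch
 *                         is served by a zero-filled page from the kernel.
 * Returns the number of non-zero bytes the next user sees, or -1 on error.
 */
long stale_bytes_after_reuse(int release_to_kernel) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = map_page(len);
    long result = -1;
    if (!page) return -1;
    if (nonzero_bytes(page, len) == 0) {  /* a fresh page reads back as zeros */
        memset(page, 'S', len);           /* constructed stand-in for secret data */
        if (!release_to_kernel || madvise(page, len, MADV_DONTNEED) == 0)
            result = (long)nonzero_bytes(page, len);
    }
    munmap(page, len);
    return result;
}

int main(void) {
    printf("reused inside the process: %ld stale bytes\n", stale_bytes_after_reuse(0));
    printf("released to kernel first:  %ld stale bytes\n", stale_bytes_after_reuse(1));
    return 0;
}
```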

