oss-sec mailing list archives
Re: Thoughts on Shellshock and beyond
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Wed, 15 Oct 2014 07:49:10 -0400
> Buffer reuse is common in languages with memory safety (so that I/O
> throughput is not bounded by garbage collector throughput). The impact
> is reduced (you only leak prior buffer contents, whatever that might be,
> not anything which happens to be in the vicinity on the heap). But I
> don't think it's true that memory safety prevents such information leaks

Heartbleed definitely would have been countered by memory-safe languages. NIST even demonstrated that address sanitizer countered it, which is direct experimental proof.

More info at http://www.dwheeler.com/essays/heartbleed.html

--- David A. Wheeler
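The two positions in this exchange, as an added example that is not part of the original post: a Python sketch of a heartbeat-style echo over a pooled receive buffer. All names and sample data are constructed for illustration; it shows that bounds-safe slicing confines the leak to earlier contents of the same buffer, and that a length check or scrubbing on release removes it.

```python
# Added illustration (constructed names and data); not code from the thread.
class BufferPool:
    """One reusable receive buffer, as I/O code keeps to avoid GC churn."""
    def __init__(self, size, scrub_on_release=False):
        self.buf = bytearray(size)
        self.scrub = scrub_on_release

    def release(self):
        if self.scrub:
            self.buf[:] = bytes(len(self.buf))  # zero in place, same length


def receive(pool, data):
    """Copy an incoming message into the pooled buffer."""
    if len(data) > len(pool.buf):
        raise ValueError("message larger than buffer")
    pool.buf[:len(data)] = data


def echo_unchecked(pool, payload, claimed_len):
    """Heartbeat-style echo that trusts the peer's length field."""
    receive(pool, payload)
    try:
        # Slicing is bounds-safe: it never returns bytes outside pool.buf,
        # but it does return whatever an earlier message left in the buffer.
        return bytes(pool.buf[:claimed_len])
    finally:
        pool.release()


def echo_checked(pool, payload, claimed_len):
    """Same echo, but the length field must match what actually arrived."""
    if claimed_len != len(payload):
        return b""  # drop the malformed request
    return echo_unchecked(pool, payload, claimed_len)


def demo():
    secret = b"token=CONSTRUCTED-SECRET"  # constructed sample data
    results = {}
    for name, scrub, echo in (("reuse", False, echo_unchecked),
                              ("scrub", True, echo_unchecked),
                              ("check", False, echo_checked)):
        pool = BufferPool(64, scrub_on_release=scrub)
        receive(pool, secret)  # earlier message from another client
        pool.release()
        results[name] = echo(pool, b"hi", 4096)
    return results
```

In the `reuse` case the reply is capped at the 64-byte buffer and carries the tail of the earlier message; the `scrub` and `check` cases return only zeros or nothing.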