[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Matthew Black Matthew.Black at csulb.edu
Tue Apr 15 13:56:52 UTC 2014


From: Doug Barton [mailto:dougb at dougbarton.us] 
> When you say "clear the disk allocated to programs" what do you mean
> exactly?

Seriously? When files are deleted, their sectors are simply released to the free space pool without erasing their contents. Allocation of disk sectors without clearing them gives users/programs access to file contents previously stored by other users/programs.

As to why this is a problem, well, as they write in some math textbooks, the answer is trivial and left as an exercise to the reader. Well, usually trivial.

matthew black
california state university, long beach


-----Original Message-----
From: Doug Barton [mailto:dougb at dougbarton.us] 
Sent: Monday, April 14, 2014 7:48 PM
To: nanog at nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/14/2014 05:50 PM, John Levine wrote:
> In article <534C68F4.305 at cox.net> you write:
>> On 4/14/2014 9:38 AM, Matthew Black wrote:
>>> Shouldn't a decent OS scrub RAM and disk sectors before allocating
>>> them to processes, unless that process enters processor privileged
>>> mode and sets a call flag? I recall digging through disk sectors on
>>> RSTS/E to look for passwords and other interesting stuff over 30
>>> years ago.
>>
>> I have been out of the loop for quite a while but my strongly held
>> belief is that such scrubbing would be an enormous (and intolerable)
>> overhead ...
>
> It must be quite a while.  Unix systems have routinely cleared the RAM
> and disk allocated to programs since the earliest days.

When you say "clear the disk allocated to programs" what do you mean 
exactly?








More information about the NANOG mailing list