[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Larry Sheldon LarrySheldon at cox.net
Wed Apr 16 23:12:50 UTC 2014


On 4/16/2014 4:34 PM, Jason Iannone wrote:
> I can't cite chapter and verse but I seem to remember this zeroing
> problem was solved decades ago by just introducing a bit which said
> this chunk of memory or disk is new (to this process) and not zeroed
> but if there's any attempt to actually access it then read it back as
> if it were filled with zeros, or alternatively zero it.
>
> Isn't that a result of the language?  Low level languages give that
> power to the author rather than assuming any responsibility.  Hacker
> News had a fairly in-depth discussion regarding the nature of C with
> some convincing opinions as to why it's not exactly the right tool to
> build this sort of system with.  The gist, forcing the author of a
> monster like OpenSSL to manage memory is a problem.

I dropped out of the discussion because I couldn't get a foothold, but
I would like to know this:

If the hardware (as has been suggested) or the OS does any of this, how
do diagnostic routines in or running under the OS work?

-- 
Requiescas in pace o email           Two identifying characteristics
                                         of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                         learn from their mistakes.
                                           (Adapted from Stephen Pinker)



