[171018] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Scott Howard)
Tue Apr 15 02:55:26 2014
In-Reply-To: <534C849C.2090103@cox.net>
Date: Mon, 14 Apr 2014 23:54:38 -0700
From: Scott Howard <scott@doc.net.au>
To: Larry Sheldon <LarrySheldon@cox.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Mon, Apr 14, 2014 at 6:00 PM, Larry Sheldon <LarrySheldon@cox.net> wrote:
> Is the heartbleed bug not proof positive that it is not being done today?
>
On the contrary. Heartbleed is "proof" that memory IS cleared before being
assigned to a *process*. The data available via the vulnerability is
limited to data from the process itself, not from any other process on the
system. i.e., Heartbleed can give up your SSL keys, but not your /etc/shadow
file.
If memory wasn't cleared before being allocated to a process, every
multi-user system would be vulnerable to a Heartbleed-style vulnerability -
just allocate some memory, and go reading. Eventually you'd get something
containing /etc/shadow or other data you shouldn't be seeing.
Within a process (i.e., memory being re-allocated to the same process) there
are ways to achieve the same thing; however, as there are generally no
security reasons for doing so, and as there is a non-trivial overhead, it's
not done by default.
Scott