[171019] in North American Network Operators' Group
RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Matthew Black)
Tue Apr 15 09:58:02 2014
From: Matthew Black <Matthew.Black@csulb.edu>
To: Doug Barton <dougb@dougbarton.us>, "nanog@nanog.org" <nanog@nanog.org>
Date: Tue, 15 Apr 2014 13:56:52 +0000
In-Reply-To: <534C9DD2.4060000@dougbarton.us>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
From: Doug Barton [mailto:dougb@dougbarton.us]
> When you say "clear the disk allocated to programs" what do you mean
> exactly?
Seriously? When files are deleted, their sectors are simply released to the
free space pool without erasing their contents. Allocation of disk sectors
without clearing them gives users/programs access to file contents
previously stored by other users/programs.
As to why this is a problem, well, as they write in some math textbooks,
the answer is trivial and left as an exercise to the reader. Well, usually
trivial.
matthew black
california state university, long beach
-----Original Message-----
From: Doug Barton [mailto:dougb@dougbarton.us]
Sent: Monday, April 14, 2014 7:48 PM
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
On 04/14/2014 05:50 PM, John Levine wrote:
> In article <534C68F4.305@cox.net> you write:
>> On 4/14/2014 9:38 AM, Matthew Black wrote:
>>> Shouldn't a decent OS scrub RAM and disk sectors before allocating
>>> them to processes, unless that process enters processor privileged
>>> mode and sets a call flag? I recall digging through disk sectors on
>>> RSTS/E to look for passwords and other interesting stuff over 30
>>> years ago.
>>
>> I have been out of the loop for quite a while but my strongly held
>> belief is that such scrubbing would be an enormous (and intolerable)
>> overhead ...
>
> It must be quite a while. Unix systems have routinely cleared the RAM
> and disk allocated to programs since the earliest days.
When you say "clear the disk allocated to programs" what do you mean
exactly?