[171042] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Larry Sheldon)
Wed Apr 16 19:13:21 2014
Date: Wed, 16 Apr 2014 18:12:50 -0500
From: Larry Sheldon <LarrySheldon@cox.net>
To: nanog@nanog.org
On 4/16/2014 4:34 PM, Jason Iannone wrote:
> I can't cite chapter and verse but I seem to remember this zeroing
> problem was solved decades ago by just introducing a bit which said
> this chunk of memory or disk is new (to this process) and not zeroed
> but if there's any attempt to actually access it then read it back as
> if it were filled with zeros, or alternatively zero it.
>
> Isn't that a result of the language? Low level languages give that
> power to the author rather than assuming any responsibility. Hacker
> News had a fairly in-depth discussion regarding the nature of C with
> some convincing opinions as to why it's not exactly the right tool to
> build this sort of system with. The gist, forcing the author of a
> monster like OpenSSL to manage memory is a problem.

I dropped out of the discussion because I couldn't get a foothold, but
I would like to know this:

If the hardware (as has been suggested) or the OS does any of this, how
do diagnostic routines in or running under the OS work?
--
Requiescas in pace o email
Ex turpi causa non oritur actio

Two identifying characteristics of System Administrators:
Infallibility, and the ability to learn from their mistakes.
(Adapted from Stephen Pinker)