On Thu, Apr 10, 2014 at 06:26:48PM +0100, Rob Kendrick wrote: | On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote: | > Does heartbleed allow one to read (discarded, freed) physical memory containing data from the OS and/or other processes in linux? | | Yes. It doesn't clear memory when it is freed, so you may end up | allocating memory that has old content in it, perhaps even from swap.
Correct. FWIW, the grsecurity patch adds the [moderately expensive] capability to do this at the kernel level. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
