In article <[email protected]> you write:
>On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote:
>> Does heartbleed allow one to read (discarded, freed) physical memory
>> containing data from the OS and/or other processes in linux?
>
>Yes. It doesn't clear memory when it is freed, so you may end up
>allocating memory that has old content in it, perhaps even from swap.

I don't ever remember any Unix-ish or Linux system where the kernel didn't clear newly allocated process memory, other than perhaps some ancient tiny machines with no memory protection, and I've been in this biz since the 1970s. That would be a horrible security hole that malware would be exploiting directly, not by accident via something like heartbleed.

I agree that these days the implementation is typically that new memory is page faulted in from the equivalent of /dev/zero.

R's,
John
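
Added example, not part of the original message: a C sketch (Linux assumed, all function names hypothetical) of the point about new memory arriving zero-filled. It dirties pages mapped from /dev/zero, hands them back to the kernel and maps again, then contrasts that with a buffer reused inside a single process, which the kernel never sees and so never clears.

```c
/* Added example (Linux/POSIX assumed); all names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static long count_nonzero(const unsigned char *p, size_t n)
{
    long c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}

/* Kernel side: dirty fresh pages, give them back, ask for fresh pages again.
 * Returns the non-zero byte count of the second mapping (-1 on error). */
long kernel_fresh_nonzero(void)
{
    size_t len = 4 * (size_t)sysconf(_SC_PAGESIZE);
    int fd = open("/dev/zero", O_RDWR);
    if (fd < 0) return -1;
    unsigned char *a = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (a == MAP_FAILED) { close(fd); return -1; }
    memset(a, 'S', len);                  /* constructed "secret" */
    munmap(a, len);                       /* pages go back to the kernel */
    unsigned char *b = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);
    if (b == MAP_FAILED) return -1;
    long n = count_nonzero(b, len);       /* faulted in as zero-filled pages */
    munmap(b, len);
    return n;
}

/* Process side: one reusable buffer standing in for a user-space free list. */
static unsigned char slot[64];

long pool_reuse_nonzero(int scrub_on_free)
{
    unsigned char *first = slot;                    /* "allocate" */
    memset(first, 'S', sizeof slot);                /* first owner stores a secret */
    if (scrub_on_free) memset(first, 0, sizeof slot); /* "free", optionally scrubbed */
    unsigned char *next = slot;                     /* "allocate" again, same bytes */
    return count_nonzero(next, sizeof slot);        /* what the next owner sees */
}

int main(void)
{
    printf("kernel: %ld, pool: %ld, scrubbed pool: %ld\n",
           kernel_fresh_nonzero(), pool_reuse_nonzero(0), pool_reuse_nonzero(1));
    return 0;
}
```

Only the process-side case leaves old bytes readable, and scrubbing on free is what closes it.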
