On Mon, 07 Apr 2014 23:28:02 +0000, "w0rp" <devw...@gmail.com> wrote:
> http://heartbleed.com/
>
> This bug has been getting around. The bug was caused by missing
> bounds checking.
>
> I'm glad to be using a language with bounds checking.

Sorry, but wasn't this security risk instead caused by uninitialized memory, and shouldn't you instead have said: "I'm glad to be using a language with default initialization?" (The attacker could request a larger packet size than required for the requested data, and malloc() doesn't zero out the rest of the memory block, which possibly contains sensitive data.)

In an article I read that malloc implementations using mmap are more seriously affected, since that memory can come from anywhere, whereas the sbrk version is usually reusing memory from the calling process. I didn't understand that, since mmap on Linux returns zeroed-out pages. Process isolation is actually pretty good.

And frankly, had the OpenSSH developers replaced the m with c in malloc, they could have avoided a lot of trouble as well. But as it goes with such low-level libraries, performance is very important to take load off servers for what is today seen as a normal part of the network stack. I don't think any of these calls for "safer languages" will change that the developers want to win in those throughput benchmarks with their implementation and keep using unsafe functions.

-- 
Marco
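The thread argues about whether the fault was a missing bounds check or an uninitialized buffer. The following C program is an added example, not code from the thread or from OpenSSL: it models a heartbeat-style record (a type byte, a two-byte declared payload length, then payload and padding) and puts two handlers side by side. `hb_respond_vulnerable` trusts the declared length and only bounds the destination; `hb_respond_fixed` also checks the declared length against the number of bytes actually received. The record layout is simplified, the "secret" placed after the record is a constructed stand-in for whatever else sits on the heap, and all function names are hypothetical. The destination buffer is zeroed before every call, so any secret that shows up in the echoed bytes was read from beyond the real record rather than left over in the destination.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified heartbeat record (illustrative layout, not OpenSSL's code):
 *   byte 0     : type (1 = request)
 *   bytes 1..2 : declared payload length, big-endian
 *   bytes 3..  : payload, followed by at least HB_MIN_PADDING bytes of padding */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Constructed arena: the received record is placed at the front, and a
 * "secret" is copied right after it to stand in for neighbouring heap data. */
static unsigned char arena[512];
static const char secret[] = "session-cookie=abc123";

/* Build a request that declares `declared_len` payload bytes but really
 * carries only strlen(payload) bytes. Returns the true record length. */
static size_t build_arena(uint16_t declared_len, const char *payload)
{
    size_t real_payload = strlen(payload);
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                /* heartbeat request */
    arena[1] = (unsigned char)(declared_len >> 8);
    arena[2] = (unsigned char)(declared_len & 0xff);
    memcpy(arena + HB_HEADER_LEN, payload, real_payload);
    size_t record_len = HB_HEADER_LEN + real_payload + HB_MIN_PADDING;
    memcpy(arena + record_len, secret, sizeof secret);  /* "next" heap object */
    return record_len;
}

/* Vulnerable handler: never compares the declared length with record_len.
 * Only the destination is bounded, so the source read runs past the record. */
static size_t hb_respond_vulnerable(const unsigned char *rec, size_t record_len,
                                    unsigned char *out, size_t out_cap)
{
    (void)record_len;                            /* ignored: this is the bug */
    uint16_t declared = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)declared > out_cap) return 0;
    memcpy(out, rec + HB_HEADER_LEN, declared);
    return declared;
}

/* Fixed handler: the declared length must fit inside the bytes actually
 * received (header + payload + minimum padding) or the record is dropped. */
static size_t hb_respond_fixed(const unsigned char *rec, size_t record_len,
                               unsigned char *out, size_t out_cap)
{
    if (record_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    uint16_t declared = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)declared + HB_HEADER_LEN + HB_MIN_PADDING > record_len) return 0;
    if ((size_t)declared > out_cap) return 0;
    memcpy(out, rec + HB_HEADER_LEN, declared);
    return declared;
}

/* 1 if the echoed bytes contain the planted secret, 0 otherwise. */
static int leaks_secret(const unsigned char *out, size_t n)
{
    size_t slen = sizeof secret - 1;
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}

/* Run the vulnerable handler on a request that declares `declared_len`
 * bytes but carries only "hi"; returns 1 if the secret was echoed back. */
static int vulnerable_leaks(uint16_t declared_len)
{
    unsigned char out[256];
    size_t record_len = build_arena(declared_len, "hi");
    memset(out, 0, sizeof out);                  /* calloc-style zeroed destination */
    size_t n = hb_respond_vulnerable(arena, record_len, out, sizeof out);
    return leaks_secret(out, n);
}

/* Same request through the fixed handler; returns how many bytes it echoed
 * (0 means the record was rejected). */
static size_t fixed_echo_len(uint16_t declared_len)
{
    unsigned char out[256];
    size_t record_len = build_arena(declared_len, "hi");
    memset(out, 0, sizeof out);
    return hb_respond_fixed(arena, record_len, out, sizeof out);
}

int main(void)
{
    printf("declared=200: vulnerable leaks secret? %d, fixed echoes %zu bytes\n",
           vulnerable_leaks(200), fixed_echo_len(200));
    printf("declared=2:   vulnerable leaks secret? %d, fixed echoes %zu bytes\n",
           vulnerable_leaks(2), fixed_echo_len(2));
    return 0;
}
```

With a declared length of 200 against a two-byte payload, the vulnerable handler copies the planted secret into the response even though the destination was zeroed beforehand, while the fixed handler rejects the record; an honest request (declared length 2) is echoed by both.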