On 12 Apr 2014 21:35, "fooler mail" <[email protected]> wrote: > > I rest my case and not pursue this debate as it clearly you don't > undertand the bug as well as you don't understand the benefits of > cached memory... >
Caching memory in the application breaks address space layout randomization. How do you catch all overflows from bugs otherwise? You haven't looked at the code and the changelog did you? > fooler. > > On Sat, Apr 12, 2014 at 4:22 PM, Rogelio Serrano > <[email protected]> wrote: > > > > On 12 Apr 2014 20:48, "fooler mail" <[email protected]> wrote: > >> > >> you don't get it also.... plan B is to deny that is not intentional > > > > He put it there on purpose? Where is that coming from? The guy apologised! > > > >> and it is my mistake... if you are a computer security expert.... one > >> of the basics is to check for any variable containing length as that > >> is where the buffer overflows occurred.. if you don't understand > >> computer security.. you don't understand what im talking here... > >> > > > > Everybody knows that by now. > > > > The entire idea was broken. It's a bad idea to cache allocated memory blocks > > in the first place. That breaks the memory protection in place in the > > system. My kernels are patched with aslr and that kind of gimmick is just > > asking for trouble. We don't even have that code in the version we use. > > Maybe we just got lucky. > > > > Im not even an expert. MAybe you are. > > > > Im not claiming to be an expert. Experts don't survive where im at. > > > >> fooler. > >> > >> On Sat, Apr 12, 2014 at 2:29 PM, Rogelio Serrano > >> <[email protected]> wrote: > >> > > >> > On 12 Apr 2014 18:59, "fooler mail" <[email protected]> wrote: > >> >> > >> >> now you see how plan B works - denial... > >> >> > >> >> fooler. > >> > > >> > You Don't get it. > >> > > >> > Somebody made a mistake. A very stupid mistake. > >> > > >> > That's an admission that mistakes happen. And it shows we can do > >> > something > >> > about it. > >> > > >> > Our Mistakes are transparent are readily discoverable. > >> > > >> > Are mistakes in your team transparent too? Do we hear about it? How much > >> > of > >> > it are obscured by your boss covering his ass? > >> > > >> > Perhaps some programmer in the list want to get experience working with > >> > code? The community needs help. You don't like other Filipinos > >> > contributing > >> > fooler? > >> > > >> > Most of these potential contributors are unemployable by companies like > >> > Nokia but they can create a lot of value. > >> > > >> >> > >> >> On Sat, Apr 12, 2014 at 12:25 PM, Rogelio Serrano > >> >> <[email protected]> wrote: > >> >> > We need more. > >> >> > > >> >> > > >> >> > > >> >> > http://m.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html > >> >> > > >> >> > > >> >> > _________________________________________________ > >> >> > Philippine Linux Users' Group (PLUG) Mailing List > >> >> > http://lists.linux.org.ph/mailman/listinfo/plug > >> >> > Searchable Archives: http://archives.free.net.ph > >> >> _________________________________________________ > >> >> Philippine Linux Users' Group (PLUG) Mailing List > >> >> http://lists.linux.org.ph/mailman/listinfo/plug > >> >> Searchable Archives: http://archives.free.net.ph > >> > > >> > > >> > _________________________________________________ > >> > Philippine Linux Users' Group (PLUG) Mailing List > >> > http://lists.linux.org.ph/mailman/listinfo/plug > >> > Searchable Archives: http://archives.free.net.ph > >> _________________________________________________ > >> Philippine Linux Users' Group (PLUG) Mailing List > >> http://lists.linux.org.ph/mailman/listinfo/plug > >> Searchable Archives: http://archives.free.net.ph > > > > > > _________________________________________________ > > Philippine Linux Users' Group (PLUG) Mailing List > > http://lists.linux.org.ph/mailman/listinfo/plug > > Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
