:: [unSYSTEM] OpenSSL has exploit miti…
Forside
Slet denne besked
Besvar denne besked
Skribent: Caleb James DeLisle
Dato:  
Til: System undo crew
Emne: [unSYSTEM] OpenSSL has exploit mitigation countermeasures to make sure it's exploitable.
Heartbleed reads up to 64k of memory, crossing 16 page boundaries
into "unallocated space" but it never triggers a segfault even
on systems with hardened malloc().

Theo de Raadt comments on OpenSSL's bypass of the OpenBSD secure malloc()
http://article.gmane.org/gmane.os.openbsd.misc/211963

And more about exactly how it works:
http://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf

And why it's impossible to turn it off:
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse


A missed bounds check is an accident, a pattern of insecure design
practices is a scandal.