:: [unSYSTEM] OpenSSL has exploit miti…
Pàgina inicial
Delete this message
Reply to this message
Autor: Caleb James DeLisle
A: System undo crew
Assumpte: [unSYSTEM] OpenSSL has exploit mitigation countermeasures to make sure it's exploitable.
Heartbleed reads up to 64k of memory, crossing 16 page boundaries
into "unallocated space" but it never triggers a segfault even
on systems with hardened malloc().

Theo de Raadt comments on OpenSSL's bypass of the OpenBSD secure malloc()

And more about exactly how it works:

And why it's impossible to turn it off:

A missed bounds check is an accident, a pattern of insecure design
practices is a scandal.