
List:       oss-security
Subject:    Re: [oss-security] Thoughts on Shellshock and beyond
From:       "David A. Wheeler" <dwheeler () dwheeler ! com>
Date:       2014-10-15 11:49:10
Message-ID: DA3D0190-CFCA-4184-9EC6-76E129EDCCE1 () dwheeler ! com


> Buffer reuse is common in languages with memory safety (so that I/O
> throughput is not bounded by garbage collector throughput).  The impact
> is reduced (you only leak prior buffer contents, whatever that might be,
> not anything which happens to be in the vicinity on the heap).  But I
> don't think it's true that memory safety prevents such information leaks

Heartbleed definitely would have been countered by memory-safe languages.  NIST even
demonstrated that address sanitizer countered it, which is direct experimental proof.
More info at http://www.dwheeler.com/essays/heartbleed.html



--- David A. Wheeler


