Does Heartbleed allow one to read (discarded, freed) physical memory containing 
data from the OS and/or other processes in Linux?

A friend and I were discussing this. If the memory management is "lazy" 
(doesn't clear on page allocation/free), and if processes don't clear their own 
memory, I wondered if Heartbleed would expose anything. My friend thinks 
"modern" operating systems clear memory to prevent inter-process data leakage. 
Of course, I agree that this is security goodness, but I wonder if, in the name 
of performance, this is "optional".

I'm poking around in Linux memory management code in between other tasks, but 
I'll bet somebody here knows the answer. Anyone?



_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
