Zitat von Viktor Dukhovni <postfix-us...@dukhovni.org>:
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug affect a TLS service like submission?In pretty much the same way that it applies to web services. * SSL/TLS Private keys may be compromised. * GSSAPI SASL Kerberos keys may be compromised. * User passwords may be compromised. * SSL session keys may be compromised. * Recently received email messages whose (partial?) content is still in memory may be compromised. * ... It is interesting to note that Postfix always wipes memory as it is released (de-allocated) back to the heap. So, one might think that Postfix is safe, but the plaintext buffers that Postfix reads from OpenSSL are allocated and deallocated by OpenSSL, not Postfix. OpenSSL by default uses the C library malloc/free functions without generally wiping memory passed to free(). So anything read from a remote client may be available via this attack to a different client.
But this only applies to clients connecting to the same smtpd/process, no?So a attacker is not able to get sensitive data from *any* client also connected, but only from clients which have connected to the same smtpd instance in the past or "global" data like the private key?
I still wonder why OpenSSL does not use the memory wipe before free, is it a performance killer or a feature?
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
