oss-sec mailing list archives

Re: CVE-2023-51767: a bogus CVE in OpenSSH


From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Tue, 23 Sep 2025 12:36:45 +0000

Solar Designer <solar () openwall com> writes:

> I also worry about risk of software bugs that a simple 0/1 flag may be more
> susceptible to than e.g. magic values would be.  Maybe we can identify a
> reasonable level of defensive programming without going for slippery slope

You can write code that deals with bit-flips (SEEs to use the correct term)
and the like but you pretty much need to do it end-to-end if you're worried
about real-world bit-flips, and that's a *lot* of work.  If you want the full
gory details:

https://www.cs.auckland.ac.nz/~pgut001/pubs/software_faults.pdf

To answer a question from another post, ECC RAM won't necessarily help you
because you can get faults like word-line upsets that ECC won't detect; I've
got a second talk that covers that if anyone's interested.  The upside is that
most modern desktop/server processors are essentially rad-hard, so faults in
the CPU or data in on-CPU cache memory aren't so much a concern any more.

Peter.
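
The "magic values instead of a 0/1 flag" idea quoted above, as an added example that is not part of the post and not OpenSSH code: the two valid states are complementary 16-bit patterns (the constants and function names are this example's own choices), so a single bit-flip, or any corruption short of inverting every bit, lands on a value that is neither state and is reported as a fault instead of being read as the other state. A plain 0/1 flag is contrasted by injecting every single-bit flip and counting how many silently change the result.

```c
/* Added example, not from the oss-sec post or from OpenSSH: a fault-tolerant
 * boolean stored as one of two complementary magic values instead of 0/1.
 * FLAG_TRUE / FLAG_FALSE and the function names are this example's own
 * assumptions, not identifiers from any project. */
#include <stdint.h>
#include <stdio.h>

/* Complementary patterns: every bit differs, so the Hamming distance
 * between the two valid states is the full 16 bits. */
#define FLAG_TRUE  ((uint16_t)0x5AA5u)
#define FLAG_FALSE ((uint16_t)0xA55Au)

enum flag_result { FLAG_IS_FALSE = 0, FLAG_IS_TRUE = 1, FLAG_FAULT = -1 };

/* Plain 0/1 flag: anything non-zero is "set", so a single bit-flip of a
 * stored 0 silently becomes a pass. */
static int plain_flag_is_set(unsigned int v)
{
    return v != 0;
}

/* Magic-value flag: only the two exact patterns are accepted; any other
 * value is reported as a fault rather than mapped to either state. */
static enum flag_result magic_flag_check(uint16_t v)
{
    if (v == FLAG_TRUE)
        return FLAG_IS_TRUE;
    if (v == FLAG_FALSE)
        return FLAG_IS_FALSE;
    return FLAG_FAULT;
}

/* Hamming distance between two 16-bit values. */
static int hamming16(uint16_t a, uint16_t b)
{
    uint16_t x = (uint16_t)(a ^ b);
    int n = 0;
    while (x) { n += x & 1u; x >>= 1; }
    return n;
}

/* Inject every single-bit flip into a plain flag and count how many flips
 * change the decision without being noticed. */
static int plain_flag_single_flips_that_change_state(unsigned int stored)
{
    int changed = 0;
    for (int bit = 0; bit < 32; bit++) {
        unsigned int corrupted = stored ^ (1u << bit);
        if (plain_flag_is_set(corrupted) != plain_flag_is_set(stored))
            changed++;
    }
    return changed;
}

/* Inject every single-bit flip into a magic-value flag and count how many
 * are caught as FLAG_FAULT instead of being read as the other state. */
static int magic_flag_single_flips_detected(uint16_t stored)
{
    int detected = 0;
    for (int bit = 0; bit < 16; bit++) {
        uint16_t corrupted = (uint16_t)(stored ^ (1u << bit));
        if (magic_flag_check(corrupted) == FLAG_FAULT)
            detected++;
    }
    return detected;
}

int main(void)
{
    printf("Hamming distance TRUE/FALSE: %d\n", hamming16(FLAG_TRUE, FLAG_FALSE));
    printf("plain 0: single flips that turn it into 'set':   %d of 32\n",
           plain_flag_single_flips_that_change_state(0));
    printf("plain 1: single flips that turn it into 'clear': %d of 32\n",
           plain_flag_single_flips_that_change_state(1));
    printf("magic FALSE: single flips detected as fault:     %d of 16\n",
           magic_flag_single_flips_detected(FLAG_FALSE));
    return 0;
}
```

Note what this does and does not buy: the stored value is protected, but the comparison in magic_flag_check and the branch that consumes its result are still single points that a fault in a register or flags word can upset, which is exactly why the post says the protection has to be carried end-to-end to matter against real-world upsets.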
