This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[iot-wg] serious vulnerabilities FreeRTOS

Previous message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
Next message (by thread): [iot-wg] serious vulnerabilities FreeRTOS

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Töma Gavrichenkov ximaera at gmail.com
Tue Oct 23 03:04:33 CEST 2018

On Mon, Oct 22, 2018 at 9:40 PM Jim Reid <jim at rfc1035.com> wrote:
> The vulnerabilities are apparently in the TCP/IP stack. How is this possible? Rock-solid public domain TCP/IP code has been around since BSD4.4 20+ years ago. Or even earlier. Why would someone shun that, write their own code and do it badly?

Sometimes the publicly available TCP handling code might seem to be
too slow and bloated for an embedded software. Embedded developers are
used to get rid of the security checks they believe are unnecessary,
because it reduces both computational time and memory footprint.

I actually have a device almost at my disposal which implements its
own TCP driver in the most effective and braindead way. I'm going to
check against my NDA if I can share the details, but, spoiler, you'll
be shocked of what it does with plain old poor TCP.

| Töma Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: ximaera at gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58

Previous message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
Next message (by thread): [iot-wg] serious vulnerabilities FreeRTOS

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ iot-wg Archives ]