On E, 2017-11-13 at 12:44 +0200, Nikos Chantziaras wrote:
> On 13/11/17 09:17, Jorge Almeida wrote:
> >
> > On Sun, Nov 12, 2017 at 7:03 PM, Mart Raudsepp <leio@g.o> wrote:
> > >
> > > On L, 2017-11-11 at 00:10 +0000, Jorge Almeida wrote:
> > > >
> > > > Well, most programmers probably won't care about this stuff anyway,
> > > > and people who deal with cryptography tend to be more cautious than
> > > > average. But I'm not really making a case for safe versions of known
> > > > functions. After all, the usual functions do fine for most
> > > > applications. memset() would be enough to clear RAM with sensitive
> > > > data if we had a pragma (or equivalent) to convince the compiler to
> > > > not ignore it (I mean a pragma to invoke on a particular function
> > > > definition when the programmer feels that a black box behaviour is
> > > > undesirable). Of course, solving the problem of the compiler copying
> > > > stuff around might be a harder nut to crack.
> > > Sounds like you want explicit_bzero from libbsd?
> > >
> > According to their man page, yes. I'll have to [try to] check the
> > source. I wonder how they do it? Even the volatile modifier doesn't
> > solve the problem, according to the link in the previous post.
> explicit_bzero() is available in glibc. It's in <string.h>.

Interesting. Some Xorg stuff is using libbsd explicitly, but probably
since before glibc gained this. This is new since glibc-2.25.

How they do it you can find out from the source code. In libbsd's case, I
saw a weakly linked (do-nothing) function call after memset, so the
compiler can't know if that weakly linked function isn't getting
replaced with something that might do something with the zeroed memory,
and thus can't optimize it out. Though I looked at an older libbsd.
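The weak-symbol trick described in the reply above, as an added example that is not libbsd's or glibc's code: a do-nothing weak function is called right after memset, and since the linker could substitute a real implementation from another object, the compiler must assume the zeroed bytes are observed and cannot drop the store. The function names here are made up for the illustration; on glibc 2.25 or later the library's own explicit_bzero() from <string.h> serves the same purpose.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Weak, empty hook (hypothetical name). Because it is weak, another object
 * file may override it with a function that reads the buffer, so the
 * compiler has to keep the memset that precedes the call. */
__attribute__((weak)) void secure_clear_hook(void *buf, size_t len)
{
    (void)buf;
    (void)len;
}

/* Wipe a secret in a way dead-store elimination cannot remove. */
void secure_clear(void *buf, size_t len)
{
    memset(buf, 0, len);
    secure_clear_hook(buf, len); /* opaque call: buffer is "used" after memset */
}

/* Contrast: the naive wipe. If 'buf' is a local that dies right after this
 * call, the compiler is free to delete the memset entirely. */
void naive_clear(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Constructed check: fill a buffer with a fake key, wipe it with
 * secure_clear, and return how many non-zero bytes remain (expected: 0). */
size_t leftover_after_secure_clear(void)
{
    unsigned char key[32];
    memset(key, 0xAB, sizeof key); /* constructed "secret", not real key material */
    secure_clear(key, sizeof key);
    size_t nonzero = 0;
    for (size_t i = 0; i < sizeof key; i++)
        if (key[i] != 0)
            nonzero++;
    return nonzero;
}

int main(void)
{
    printf("non-zero bytes left after secure_clear: %zu\n",
           leftover_after_secure_clear());
    return 0;
}
```

The difference between the two wipes is only visible in generated code: compiling with optimisation and disassembling shows the memset (or equivalent stores) kept in secure_clear and usually absent from an inlined naive_clear on a dead local.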