| 1 |
On E, 2017-11-13 at 12:44 +0200, Nikos Chantziaras wrote: |
| 2 |
> On 13/11/17 09:17, Jorge Almeida wrote: |
| 3 |
> > |
| 4 |
> > On Sun, Nov 12, 2017 at 7:03 PM, Mart Raudsepp <leio@g.o> |
| 5 |
> > wrote: |
| 6 |
> > > |
| 7 |
> > > On L, 2017-11-11 at 00:10 +0000, Jorge Almeida wrote: |
| 8 |
> > > > |
| 9 |
> > > > Well, most programmers probably won't care about this stuff |
| 10 |
> > > > anyway, |
| 11 |
> > > > and people who deal with cryptography tend to be more cautious |
| 12 |
> > > > than |
| 13 |
> > > > average. But I'm not really making a case for safe versions of |
| 14 |
> > > > known |
| 15 |
> > > > functions. After all, the usual functions do fine for most |
| 16 |
> > > > applications. memset() would be enough to clear RAM with |
| 17 |
> > > > sensitive |
| 18 |
> > > > data if we had a pragma (or equivalent) to convince the |
| 19 |
> > > > compiler to |
| 20 |
> > > > not ignore it (I mean a pragma to invoke on a particular |
| 21 |
> > > > function |
| 22 |
> > > > definition when the programmer feels that a black box |
| 23 |
> > > > behaviour is |
| 24 |
> > > > undesirable). Of course, solving the problem of the compiler |
| 25 |
> > > > copying |
| 26 |
> > > > stuff around might be harder nut to crack. |
| 27 |
> > > Sounds like you want explicit_bzero from libbsd? |
| 28 |
> > > |
| 29 |
> > According to their man page, yes. I'll have to [try to] check the |
| 30 |
> > source. I wonder how they do it? Even the volatile modifier doesn't |
| 31 |
> > solve the problem, according to the link in previous post. |
| 32 |
> explicit_bzero() is available in glibc. It's in <string.h>. |
| 33 |
|
| 34 |
Interesting. Some Xorg stuff is using libbsd explicitly, but probably |
| 35 |
since before glibc gained this. This is new since glibc-2.25. |
| 36 |
|
| 37 |
How they do it you can find out from the source code. In libbsd case, I |
| 38 |
saw a weak linked (do-nothing) function call after memset, so the |
| 39 |
compiler can't know if that weakly linked function isn't getting |
| 40 |
replaced with something that might do something with the zeroed memory, |
| 41 |
and thus can't optimize it out. Though I looked at an older libbsd. |
Archives