This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC] [PATCH] Support explicit_bzero, memset_s, memzero_explicit, or similar.
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Rich Felker <dalias at libc dot org>, libc-alpha at sourceware dot org
- Cc: Nick Mathewson <nickm at freehaven dot net>
- Date: Mon, 15 Dec 2014 13:29:59 -0800
- Subject: Re: [RFC] [PATCH] Support explicit_bzero, memset_s, memzero_explicit, or similar.
- Authentication-results: sourceware.org; auth=none
- References: <CAKDKvuzWYf3GcXYs4ED8XLyy58nzmvxRV84xwsKKZjPpVSFQug at mail dot gmail dot com> <20141215173527 dot GJ4574 at brightrain dot aerifal dot cx>
On 12/15/2014 09:35 AM, Rich Felker wrote:
> None of these solve the problem, because the compiler is free to have
> copied part or all of this buffer into other temporary storage on the
> stack or registers.
Yes, this is not something that can be solved just at the C library
level. It's a big problem that requires OS and compiler support (and
maybe even hardware support). See, for example, Anikeev et al's paper
on secure garbage collection
<http://dx.doi.org/10.1016/j.jisa.2014.10.001> or Chow et al's classic
paper on shredding one's garbage
<https://www.usenix.org/legacy/event/sec05/tech/full_papers/chow/chow_html/>.
By the way, shouldn't one set memory to a random bitpattern rather than
simply clearing it?
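The thread is about zeroing a secret in a way the compiler will not optimise away. As an added illustration (not code from this thread, from glibc, or from the patch under discussion), below are the two idioms that explicit_bzero / memzero_explicit style functions are built on, next to the naive memset they replace, plus a small self-check. The function names secure_memzero_volatile, secure_memzero_barrier, is_all_zero and demo_wipe_key are this example's own, and the 32-byte "key" is a constructed placeholder. The caveat raised above still applies: neither idiom reaches copies the compiler spilled to other stack slots or left in registers.

```c
/* Added example, not part of the original thread or of glibc.
 * Names secure_memzero_volatile, secure_memzero_barrier, is_all_zero
 * and demo_wipe_key are this example's own. */
#include <stddef.h>
#include <string.h>

/* The naive form. key[] is dead after the memset, so an optimising
 * compiler is entitled to delete the store entirely (dead-store
 * elimination); the secret then stays on the stack. */
void naive_wipe(unsigned char *key, size_t n)
{
    memset(key, 0, n);
}

/* Idiom 1: byte stores through a volatile pointer. Each write is an
 * observable side effect in the C abstract machine, so the compiler
 * may not drop it. Portable C, but slow on large buffers. */
void secure_memzero_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Idiom 2: memset followed by an empty asm statement that takes the
 * pointer as input and declares a "memory" clobber. The compiler must
 * assume the asm reads the zeroed bytes, so the memset is kept. Same
 * idea as the Linux kernel's memzero_explicit(); needs GCC or Clang. */
void secure_memzero_barrier(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Returns 1 if all n bytes at p are zero. Reads through a volatile
 * pointer so the check itself is not folded away. */
int is_all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= vp[i];
    return acc == 0;
}

/* Fill a stack buffer with a constructed placeholder secret, wipe it
 * with one of the two idioms, and report whether the wipe took effect.
 * Returns 1 on success. Copies of key[] the compiler made elsewhere
 * (registers, spill slots) are outside what this can verify. */
int demo_wipe_key(int use_barrier)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ (i * 7));   /* constructed secret */

    /* ... the key would be used here ... */

    if (use_barrier)
        secure_memzero_barrier(key, sizeof key);
    else
        secure_memzero_volatile(key, sizeof key);

    return is_all_zero(key, sizeof key);
}
```

Compile with -O2 and compare the generated code for naive_wipe against the other two to see the difference in practice. In later glibc releases explicit_bzero is provided by the library itself (added in glibc 2.25), and C11 Annex K specifies memset_s for the same purpose; both only address the store the programmer wrote, not the temporaries the compiler introduced.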