This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Re: [PATCH 0/3] explicit_bzero v5

On Tue, Nov 15, 2016 at 1:42 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 11/15/2016 07:02 PM, Paul Eggert wrote:
>> On 11/15/2016 09:46 AM, Zack Weinberg wrote:
>>
>>> in any scenario where the arguments to explicit_bzero are visible to
>>> malicious code, the adversary has already won. Those arguments, after
>>> all, are either in registers or on the stack. If the adversary can
>>> read either of those, they can already learn return addresses.
>>
>> It's possible that the adversary can read the stack but not registers

If the adversary can read the stack at all, I suspect they've already
won, no matter what we do.

> I'm concerned that developers will read all these warnings and use memset
> instead (or a hand-written loop) because this appears to avoid all these
> issues.

Yeah, I'm actually worried that the warnings I already wrote are
already too over-the-top.

cc:ing Michael Kerrisk - you write manpages all day, does the
documentation added in
<https://sourceware.org/ml/libc-alpha/2016-11/msg00499.html> look like
it would scare people off using the function at all?

zw