This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH RFC] explicit_bzero, again
- From: Florian Weimer <fweimer at redhat dot com>
- To: Zack Weinberg <zackw at panix dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 21 Aug 2015 08:37:57 +0200
- Subject: Re: [PATCH RFC] explicit_bzero, again
- References: <55C7E246 dot 3000006 at panix dot com> <55D0BDA7 dot 40402 at panix dot com>
On 08/16/2015 06:43 PM, Zack Weinberg wrote:
> +@strong{Warning:} The compiler is free to make additional copies of
> +any object, or parts of it, in temporary storage areas (such as
> +registers and ``scratch'' stack space). @code{explicit_bzero} does
> +not guarantee that temporary copies of sensitive data are destroyed.
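Review bot: The second sentence of the warning, "does not guarantee that temporary copies of sensitive data are destroyed", says what is not covered without saying what is. Consider stating outright that only the bytes of the object passed to @code{explicit_bzero} are overwritten, and that copies in registers or scratch stack space may still be present after the call returns.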
Perhaps you should add that explicit_bzero can create the copy which it
is about to overwrite, leaving the original untouched. A partial
countermeasure could be a barrier with register clobbers for as many
caller-saved registers as possible.
--
Florian Weimer / Red Hat Product Security
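
The partial countermeasure suggested in the reply, sketched as an added example (not code from the thread or from glibc). It assumes GCC or Clang extended asm on x86-64; `scrub_caller_saved_regs`, `wipe_secret` and `wipe_demo` are hypothetical names, and the asm zeroes the registers as well as listing them as clobbers, which is one reading of the suggestion.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: zero the caller-saved integer registers so stale
   copies of a secret do not linger there. Listing them as clobbers tells
   the compiler not to keep live values in them across the statement. */
static inline void scrub_caller_saved_regs(void)
{
#if defined(__x86_64__)
    __asm__ __volatile__(
        "xorl %%eax, %%eax\n\t"
        "xorl %%ecx, %%ecx\n\t"
        "xorl %%edx, %%edx\n\t"
        "xorl %%esi, %%esi\n\t"
        "xorl %%edi, %%edi\n\t"
        "xorl %%r8d, %%r8d\n\t"
        "xorl %%r9d, %%r9d\n\t"
        "xorl %%r10d, %%r10d\n\t"
        "xorl %%r11d, %%r11d"
        : : : "rax", "rcx", "rdx", "rsi", "rdi",
              "r8", "r9", "r10", "r11", "cc", "memory");
#else
    /* Other targets: compiler barrier only; registers are not scrubbed. */
    __asm__ __volatile__("" : : : "memory");
#endif
}

/* Hypothetical wrapper: clear the object, keep the stores, scrub registers. */
static void wipe_secret(void *buf, size_t len)
{
    memset(buf, 0, len);
    /* Passing buf to an asm with a "memory" clobber makes the stores
       observable, so the compiler cannot drop the memset as dead. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
    scrub_caller_saved_regs();
}

/* Returns the number of non-zero bytes left in the buffer after wiping. */
int wipe_demo(void)
{
    unsigned char key[32];
    size_t i;
    int left = 0;
    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed sample secret */
    wipe_secret(key, sizeof key);
    for (i = 0; i < sizeof key; i++)
        left += key[i] != 0;
    return left;
}
```

Callee-saved registers, vector registers and any stack spills are untouched, so this remains a partial measure.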