This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 1/3] New string function explicit_bzero (from OpenBSD).

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Zack Weinberg <zackw at panix dot com>, libc-alpha at sourceware dot org
Cc: fweimer at redhat dot com
Date: Thu, 15 Sep 2016 08:38:09 -0700
Subject: Re: [PATCH 1/3] New string function explicit_bzero (from OpenBSD).
Authentication-results: sourceware.org; auth=none
References: <20160915130507.20993-1-zackw@panix.com> <20160915130507.20993-2-zackw@panix.com>

On 09/15/2016 06:05 AM, Zack Weinberg wrote:

+void
+internal_function
+__glibc_read_memory(const void *s, size_t len)
+{
+  asm volatile ("");
+}

This leaks the address S to possibly-buggy code, bypassing addressrandomization. For example, if a function body ends in 'explicit_bzero(&x, sizeof x)', then &x is likely to be in a machine register or on thestack when explicit_bzero returns, more so than if explicit_bzero werenever called. If a key is stored next to other somewhat-sensitive datathis will make the somewhat-sensitive data more vulnerable than itotherwise would be.

To help avoid this problem, __glibc_read_member could clear allcaller-save registers (including the return register of course). Thiswould not entirely prevent the problem, but that's OK as explicit_bzerodoes not pretend to entirely prevent information leakage.

References:
- [PATCH 0/3] explicit_bzero again
  - From: Zack Weinberg
- [PATCH 1/3] New string function explicit_bzero (from OpenBSD).
  - From: Zack Weinberg

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]