This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 0/3] explicit_bzero v5
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Zack Weinberg <zackw at panix dot com>, libc-alpha at sourceware dot org
- Cc: carlos at redhat dot com, fweimer at redhat dot com
- Date: Tue, 15 Nov 2016 08:20:22 -0800
- Subject: Re: [PATCH 0/3] explicit_bzero v5
- Authentication-results: sourceware.org; auth=none
- References: <20161115155509.12692-1-zackw@panix.com>
On 11/15/2016 07:55 AM, Zack Weinberg wrote:
> Paul Eggert also observed that a call to explicit_bzero might expose
> the _address_ of a buffer containing sensitive data, and perhaps
> another thread could exfiltrate the data before it was erased.
> I thought about it and I have concluded that this, like the other
> remaining problems with this API, needs to be addressed in the
> compiler
That sounds reasonable. Could you please document this, though? Perhaps
something like the following, after the paragraph about copying objects?
@strong{Warning:} Calling @code{explicit_bzero} may expose
the object's address to other parts of the program, defeating
address space layout randomization.
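The point being documented above is that `explicit_bzero` takes a pointer, so the compiler must keep the secret in addressable memory rather than in registers, and that address then exists in program state where the library cannot hide it. The following C program is an added illustration for this discussion, not code from the patch series or from glibc: it wipes a short-lived stack key with `explicit_bzero` where glibc provides it (2.25 and later) and otherwise with a memset followed by a compiler memory barrier, then checks that the wipe happened. The function names `secure_clear`, `all_zero` and `derive_use_and_wipe`, and the toy key derivation, are constructed for the example.

```c
#define _GNU_SOURCE            /* glibc: makes explicit_bzero visible in <string.h> */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Prototype matching glibc's declaration, so the example builds even when the
 * feature macros were not set before <string.h> was first included. */
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))
extern void explicit_bzero(void *s, size_t n);
#define HAVE_EXPLICIT_BZERO 1
#endif

/* Wipe n bytes at p in a way the optimizer must not remove.
 * Fallback (constructed, GCC/Clang only): an empty asm statement with a
 * "memory" clobber tells the compiler the buffer may be read afterwards, so the
 * memset stores are not dead and cannot be eliminated. */
static void secure_clear(void *p, size_t n)
{
#ifdef HAVE_EXPLICIT_BZERO
    explicit_bzero(p, n);
#else
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* 1 if every byte in p[0..n) is zero, else 0. */
static int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Models a function that derives a key on the stack, uses it, and erases it
 * before returning.  Passing &key to secure_clear is exactly what forces the
 * compiler to give the key a real address: that address is now part of the
 * program's state (the exposure discussed in the thread), which only the
 * compiler, not the library, could avoid.
 * Returns the toy tag computed from the key, or 0 if the wipe did not leave
 * the buffer all-zero.  Key bytes are (seed + i) for demonstration only. */
uint32_t derive_use_and_wipe(uint32_t seed)
{
    unsigned char key[32];
    uint32_t tag = 0;

    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(seed + i);

    for (size_t i = 0; i < sizeof key; i++)
        tag += key[i];                   /* "use" the key */

    secure_clear(key, sizeof key);       /* erase before the frame is reused */

    return all_zero(key, sizeof key) ? tag : 0;
}

int main(void)
{
    /* For seed 100 the tag is 32*100 + (0+1+...+31) = 3696. */
    return derive_use_and_wipe(100) == 3696 ? 0 : 1;
}
```

Compile with optimization (`-O2`) to see the difference in practice: a plain `memset` at the end of `derive_use_and_wipe` is a dead store the compiler may drop, whereas the `secure_clear` call survives. Neither variant addresses the address-exposure issue the manual text warns about; that remains with the compiler, as the quoted message says.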