This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 0/3] explicit_bzero v5


On 11/15/2016 09:46 AM, Zack Weinberg wrote:

in any scenario where the arguments to explicit_bzero are visible to
malicious code, the adversary has already won.  Those arguments, after
all, are either in registers or on the stack.  If the adversary can
read either of those, they can already learn return addresses.


It's possible that the adversary can read the stack but not registers, that the object address is already in a register but not in the stack, and that the call to explicit_bzero copies the address to the stack, making the address visible to the attacker. Perhaps something like the following instead?


@strong{Warning:} Calling @code{explicit_bzero} may copy the
object's address from a register to the stack, thereby exposing
the address to other parts of the program (e.g., another thread),
which may defeat address space layout randomization.

