Simon Josefsson wrote:
> A general observation is that I'm mixed about offering replacement of
> security-relevant APIs which do not offer the same guarantees as a
> secure implementation. In these situations, it may actually be
> preferable to crash or to refuse to build the application, at least by
> default.

I disagree. IMO, security is always done on a best-effort basis. There is
no 100% security.

In the case of memset_explicit, the secret may be present in memory
  - with a working memset_explicit: for 5 microseconds,
  - with a dysfunctional memset_explicit: for 5 seconds.
So, a working memset_explicit provides a 99.9999% protection, at most.

Even with a working memset_explicit, the attacker can halt the CPU at a
particular instruction before the erase (e.g. set a breakpoint at
memset_explicit :-) ), make a dump of the RAM of the process, and analyze
it.

Therefore I don't think that an FTBFS or an abort() are justified if the
security guarantees cannot be met.

Bruno
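
The two positions in this exchange, sketched as an added example (not code from this thread or from the project it discusses): a best-effort erase that reports which technique it could use, plus a wrapper whose `strict` flag lets the caller refuse to continue when only the weaker one is available. All function and enum names are hypothetical, and the stronger path assumes GCC/Clang inline asm.

```c
#include <stddef.h>
#include <string.h>

/* All names here are hypothetical; this is not the project's implementation. */
enum erase_strength {
    ERASE_BARRIER,       /* memset + compiler barrier: the store cannot be elided */
    ERASE_VOLATILE_CALL  /* memset via volatile pointer: weaker, best effort only */
};

/* Overwrite buf with zeros and report which technique was available. */
enum erase_strength erase_best_effort(void *buf, size_t len)
{
#if defined(__GNUC__) || defined(__clang__)
    memset(buf, 0, len);
    /* The empty asm claims to read memory reachable from buf, so the
       optimizer cannot treat the memset above as a dead store. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
    return ERASE_BARRIER;
#else
    /* The pointer is loaded at run time, so the call cannot be proven dead. */
    static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;
    memset_ptr(buf, 0, len);
    return ERASE_VOLATILE_CALL;
#endif
}

/* Always erases; with strict != 0, returns -1 if only the weaker path existed. */
int erase_secret(void *buf, size_t len, int strict)
{
    enum erase_strength s = erase_best_effort(buf, len);
    return (strict && s != ERASE_BARRIER) ? -1 : 0;
}

/* Returns 1 if every byte of buf is zero. */
int is_all_zero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);  /* constructed stand-in for a secret */
    int rc = erase_secret(key, sizeof key, 1);
    return (rc == 0 && is_all_zero(key, sizeof key)) ? 0 : 1;
}
```

Neither path clears copies of the secret that the compiler left in registers or spilled to the stack.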
