On 20/07/17 14:03, Paul Eggert wrote:
> * NEWS: Document this.
> * bootstrap.conf (gnulib_modules): Add explicit_bzero.
> * gl/lib/randint.c (randint_free):
> * gl/lib/randread.c (randread_free):
> * src/blake2/blake2-impl.h (secure_zero_memory):
> * src/shred.c (dopass, do_wipefd):
> Prefer explicit_bzero to memset when erasing secrets.
> + shred now erases buffers containing secrets via the explicit_bzero
> + function, which should be more reliable.
> + [potential bug has always been present in 'shred']

shred doesn't have any secrets though right?
Ah I see, it used to have secrets since it originally read
the input file to seed the random number generator.

How about the attached to remove this redundant zeroing entirely?

Also I think I'll remove the explicit_bzero() from blake2
as src/blake2 is copied directly from the reference implementation.
So it would be best to change there and have a one way sync.

cheers,
Pádraig
From b9626205effc42753d3be3923ca85c73024bbcd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <[email protected]> Date: Sun, 23 Jul 2017 01:06:33 -0700 Subject: [PATCH] shred: remove redundant zeroing of freed memory * src/shred.c (dopass): shred used to read the input file, and so needed to ensure internal memory was cleared. This is no longer the case since SH-UTILS-1_16f-260-gf381610 so avoid this redundant clearing. (do_wipefd): Likewise. * NEWS: Remove the recent mention of this issue. --- NEWS | 4 ---- src/shred.c | 2 -- 2 files changed, 6 deletions(-) diff --git a/NEWS b/NEWS index dfd2837..110229b 100644 --- a/NEWS +++ b/NEWS @@ -25,10 +25,6 @@ GNU coreutils NEWS -*- outline -*- Now, it prints a diagnostic or a line to stdout for each argument. [bug introduced in the bourne-shell-to-C rewrite for coreutils-6.11] - shred now erases buffers containing secrets via the explicit_bzero - function, which should be more reliable. - [potential bug has always been present in 'shred'] - split no longer exits when invocations of a --filter return EPIPE. [bug introduced in coreutils-8.26] diff --git a/src/shred.c b/src/shred.c index c95546c..e6df409 100644 --- a/src/shred.c +++ b/src/shred.c @@ -653,7 +653,6 @@ dopass (int fd, struct stat const *st, char const *qname, off_t *sizep, } free_pattern_mem: - explicit_bzero (pbuf, FILLPATTERN_SIZE); free (fill_pattern_mem); return other_error ? -1 : write_error; @@ -987,7 +986,6 @@ do_wipefd (int fd, char const *qname, struct randint_source *s, } wipefd_out: - explicit_bzero (passarray, flags->n_iterations * sizeof (int)); free (passarray); return ok; } -- 2.9.3
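Review bot: In the NEWS hunk, deleting the whole entry also removes the only user-visible mention of the switch to explicit_bzero, while the quoted commit still applies it in randint_free and randread_free, which release the random source that do_wipefd receives as `struct randint_source *s`. If that library-side clearing stays, consider rewording the entry to describe the random-source state instead of dropping it, or say in the log that the remaining change does not merit a NEWS item. Deleting rather than amending also assumes the entry has not yet appeared in a release; the log's "recent mention" suggests that, but it is worth confirming.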
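Review bot: At the free_pattern_mem label in dopass, nothing is left to tell a later reader why the buffer is freed without being wiped, so the call is likely to be re-added by someone auditing for uncleared memory. A one-line comment before `free (fill_pattern_mem);` recording the reasoning from the commit log (shred no longer reads the input file, so pbuf holds no file-derived data) would keep that rationale next to the code.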
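Review bot: For the do_wipefd hunk, the log entry "(do_wipefd): Likewise" reuses a rationale about reading the input file, but the object that was cleared is `passarray`, sized `flags->n_iterations * sizeof (int)`, that is, one int per iteration rather than a data buffer. The log would be more accurate if it stated what passarray holds and why that is not sensitive, instead of pointing at the dopass explanation.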
