On Fri, Nov 10, 2017 at 11:19 PM, R0b0t1 <r03...@gmail.com> wrote:
> On Fri, Nov 10, 2017 at 2:09 PM, Jorge Almeida <jjalme...@gmail.com> wrote:
>> On Fri, Nov 10, 2017 at 4:25 PM, R0b0t1 <r03...@gmail.com> wrote:
>
>> http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
>>
>
> I really think there is a deeper issue here then, which is that the
> compiler takes a lot of liberties when translating a program
> description into machine code. There have been suggestions made that
> this makes very nearly all compilers unsuitable for high reliability
> purposes. Cryptographic or user security code is likely a candidate
> for the label "high reliability."
Yes, the HTML page above has a link to a 2nd part, where (if I understood correctly) it is concluded that currently there is no real solution: even if the compiler does what it is told to, it may copy data around, and the programmer has no control whatsoever over the fate of such data.

> To further explain why the additions are counterproductive: the
> programmer still has to remember to use them. It is just as likely
> that the programmer will forget to use memset_s properly as any of the
> other functions in string.h (possibly by forgetting to sanitize input
> i.e. the memory segment boundaries).
>

Well, most programmers probably won't care about this stuff anyway, and people who deal with cryptography tend to be more cautious than average. But I'm not really making a case for safe versions of known functions. After all, the usual functions do fine for most applications. memset() would be enough to clear RAM with sensitive data if we had a pragma (or equivalent) to convince the compiler to not ignore it (I mean a pragma to invoke on a particular function definition when the programmer feels that a black box behaviour is undesirable). Of course, solving the problem of the compiler copying stuff around might be a harder nut to crack.

> If you don't mind I might post this concern to the GCC mailing list,
> or you can take it up if you want.

Please do. I'm strictly amateur league, and you'll do a better job.

> Cheers

Jorge
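The problem the thread is circling is dead-store elimination: a plain memset() on a buffer that is never read again is, from the optimizer's point of view, a store with no observable effect, so it may be dropped. The following is an added example, not code from either poster or from the linked article; the names secure_memzero, secure_memzero_volatile, count_nonzero and the two demo functions are my own. It shows two ways to keep the wipe in the emitted code (a call through a volatile function pointer, and byte stores through a volatile-qualified pointer) and checks the buffer afterwards. It does nothing about the "deeper issue" raised above: copies the compiler makes on its own (register spills, temporaries) are outside what any memset variant can reach.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the thread.  The optimizer may delete a
   plain memset() on a buffer that is never read again (dead-store
   elimination).  Routing the call through a volatile function pointer
   prevents that: the compiler cannot prove what the pointer targets, so
   it must keep the call and its side effects. */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;

void secure_memzero(void *buf, size_t len)
{
    (void)memset_fn(buf, 0, len);
}

/* Alternative that needs no function pointer: store each byte through a
   volatile-qualified pointer, which the optimizer is not allowed to drop. */
void secure_memzero_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Read through a volatile pointer so the check itself is not folded
   away on the assumption that the buffer is already zero. */
size_t count_nonzero(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* Typical pattern: a secret lives in a stack buffer, is used, and is
   wiped before the function returns.  Returns how many bytes are still
   non-zero after the wipe (0 means the wipe survived compilation). */
size_t wipe_stack_demo(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i); /* constructed filler, not a real key */
    secure_memzero(key, sizeof key);
    return count_nonzero(key, sizeof key);
}

/* Same pattern for a heap buffer, wiped with the volatile-store variant
   before free().  Returns the non-zero count measured just before release,
   or (size_t)-1 if allocation failed. */
size_t wipe_heap_demo(void)
{
    size_t len = 64;
    unsigned char *buf = malloc(len);
    if (!buf)
        return (size_t)-1;
    memset(buf, 0x5A, len); /* constructed sensitive content */
    secure_memzero_volatile(buf, len);
    size_t left = count_nonzero(buf, len);
    free(buf);
    return left;
}

int main(void)
{
    return (wipe_stack_demo() == 0 && wipe_heap_demo() == 0) ? 0 : 1;
}
```

Build with optimization enabled (for example -O2) and inspect the generated code for wipe_stack_demo: with a bare memset() the store is typically absent, while both variants above keep it. Where the toolchain offers memset_s (C11 Annex K) or explicit_bzero, those are the vendor-supported forms of the same idea.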