OpenBSD has the explicit_bzero function to reliably (i.e. even if not
observable in the C abstract machine) overwrite memory with zeroes.

WG14 is currently considering adding similar functionality to C2X.

Considered options include:

* A function like explicit_bzero or memset_explicit, that overwrites the
memory with a known value.
* A function like memclear, that overwrites the memory in an
implementation-defined manner, possibly using random data.

Is there a rationale why OpenBSD went with their explicit_bzero design?
Were alternatives considered and rejected?


Reply via email to