Date: Wed, 9 Sep 2015 12:58:36 -0400
From: Zack Weinberg <zackw@...ix.com>
To: Paul_Koning@...l.com
Cc: gcc@....gnu.org, llvmdev@...uiuc.edu, libc-alpha@...rceware.org, musl@...ts.openwall.com
Subject: Re: Compiler support for erasure of sensitive data

On 09/09/2015 12:52 PM, Paul_Koning@...l.com wrote:
> Then again, suppose all you had is explicit_bzero, and an annotation
> on the data saying it's sensitive. Can static code analyzers take
> care of the rest? If so, this sort of thing doesn't need to be in
> the compiler.

The thing that absolutely has to be implemented in the compiler
(AFAICT) is register clearing. I'm undecided as to how *necessary*
that is. There certainly can be a lot of sensitive data in registers
(e.g. AESNI puts an entire AES key schedule in xmm registers). I
don't know of any exploits that depended on salvaging such data from
registers, but I don't follow exploit research closely.

zw