This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 0/3] explicit_bzero v5


On 11/15/2016 07:55 AM, Zack Weinberg wrote:
> Paul Eggert also observed that a call to explicit_bzero might expose
> the _address_ of a buffer containing sensitive data, and perhaps
> another thread could exfiltrate the data before it was erased.
> I thought about it and I have concluded that this, like the other
> remaining problems with this API, needs to be addressed in the
> compiler

That sounds reasonable. Could you please document this, though? Perhaps something like the following, after the paragraph about copying objects?


@strong{Warning:} Calling @code{explicit_bzero} may expose
the object's address to other parts of the program, defeating
address space layout randomization.

