This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On 11/15/2016 10:54 AM, Zack Weinberg wrote:
If the adversary can read the stack at all, I suspect they've already won, no matter what we do.
That will likely be true in many applications, but not in all. It's worth documenting the issue for applications that put sensitive objects in the heap, as they might not expose these object addresses to the stack now, but could do so if modified to invoke explicit_bzero.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |