Why memset_s and Annex K in general are an utterly stupid idea: https://gcc.gnu.org/ml/gcc-help/2014-10/msg00071.html …
Scrubbing sensitive data requires compiler-level features, not magical "don't 'optimize out' this memset" gimmicks.
@RichFelker yes, it needs a way to mark data/structures as sensitive, and have the compiler automatically clean the data from unused locs.
@encthenet That's the ideal "blacklist" solution, but it's still very hard to get right at the compiler level.
@encthenet The real solution is a whitelist approach: abolish the practice of fork/setuid-and-keep-going. It's insecure for so many reasons.
@encthenet The whitelist approach is to always execve after using sensitive information, and only pass on what's needed.
@RichFelker You still need the compiler to not do stupid things with the keys. You just can't write guaranteed secure code without marks.
@encthenet I believe obliterating the VM space with _exit or execve addresses the threat model most people are interested in.
@RichFelker The same way if I write driver code that should write values into an mmap region, that can get optimized away?
@landley Not really related. MMIO needs volatile objects to work anyway.