Why memset_s and Annex K in general is an utterly stupid idea: https://gcc.gnu.org/ml/gcc-help/2014-10/msg00071.html …
@encthenet The real solution is a whitelist approach: abolish the practice of fork/setuid-and-keep-going. It's insecure for so many reasons.
-
-
@encthenet The whitelist approach is to always execve after using sensitive information, and only pass on what's needed. -
@RichFelker You still need the compiler to not do stupid things with the keys. You just can't write guaranteed secure code without marks. -
@encthenet I believe obliterating the VM space with _exit or execve addresses the threat model most people are interested in.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.