Subject: Re: [PATCH 0/3] explicit_bzero v5
To: Zack Weinberg, libc-alpha@sourceware.org
Cc: carlos@redhat.com, fweimer@redhat.com
From: Paul Eggert
Message-ID: <677c23f1-d10a-890d-b875-039d32a3d228@cs.ucla.edu>
Date: Tue, 15 Nov 2016 16:20:00 -0000
In-Reply-To: <20161115155509.12692-1-zackw@panix.com>

On 11/15/2016 07:55 AM, Zack Weinberg wrote:
> Paul Eggert also observed that a call to explicit_bzero might expose
> the _address_ of a buffer containing sensitive data, and perhaps
> another thread could exfiltrate the data before it was erased.
> I thought about it and I have concluded that this, like the other
> remaining problems with this API, needs to be addressed in the
> compiler

That sounds reasonable. Could you please document this, though? Perhaps
something like the following, after the paragraph about copying objects?

@strong{Warning:} Calling @code{explicit_bzero} may expose the object's
address to other parts of the program, defeating address space layout
randomization.