Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jul 2016 18:34:12 +0200
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: owl-dev@...ts.openwall.com
Subject: Re: passwdqc code quality

2016-07-16 18:27 GMT+02:00 Solar Designer <solar@...nwall.com>:
> On Sat, Jul 16, 2016 at 06:40:21PM +0300, Solar Designer wrote:
> This memset() reminds me: we also have many memset() calls trying to
> zeroize things.  This always made little sense, and it makes even less
> sense with modern compilers, which tend to optimize such calls away.
>
> So maybe one of the code quality aspects is to add a source file with a
> slightly less unreliable memory zeroization function, and use that.
> Maybe like Colin Percival's insecure_memzero():
>
> https://github.com/Tarsnap/libcperciva/blob/master/util/insecure_memzero.c
>
> http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
> http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html

or use some kind of explicit_bzero() from OpenBSD

#include <string.h>

static void *(*volatile explicit_memset)(void *, int, size_t) = memset;

void explicit_bzero(void *b, size_t len)
{
        (*explicit_memset)(b, 0, len);
}

Daniel


> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ