Date: Thu, 7 Oct 2021 01:57:35 +0000
From: David Holland <>
Subject: Re: freezero() and freezeroall()

On Mon, Oct 04, 2021 at 06:22:39PM -0700, Alan Coopersmith wrote:
 > On 9/17/21 5:46 PM, Paul Eggert wrote:
 > > Looking at the current OpenBSD source code[1], it appears they're doing
 > > best effort. Unless I'm missing something, in some cases freezero
 > > appears to call memset instead of explicit_bzero. Even if that were
 > > changed, on real systems I expect the data are too often still lying
 > > around somewhere in the hardware. I suppose the idea is that it's
 > > better than nothing.
 > I believe the goal is to protect against the memory being visible
 > in core files and to debuggers, not to a physical RAM dump of some
 > sort.

(Probably should have said this a month ago)

I'm not sure I see the point of this function -- if you're calling
explicit_bzero because you're handling secrets, skipping the bzero
because the page is about to be unmapped seems like a mistake, so
explicit_bzero followed by free seems just as good as anything and
easier to reason about than adding something new.

If you're not handling secrets, then it seems like security theater.

David A. Holland
