Date: Wed, 9 Sep 2015 16:52:33 +0000
From: <>
To: <>
CC: <>, <>, <>,
Subject: Re: Compiler support for erasure of sensitive data

> On Sep 9, 2015, at 12:36 PM, Zack Weinberg <> wrote:
> ...
> I think the ideal feature addition to address this would be
>    void safe(void)
>    {
>        struct key __attribute__((sensitive)) k = get_key();
>        use_key(k);
>    }

That certainly is a cleaner answer.  What is attractive about it is that it expresses the need for variables (data) to be given different treatment, rather than expecting the programmer to code that special treatment in every place where that data becomes dead.  It's also likely to be a whole lot harder to implement, unfortunately.

Then again, suppose all you had is explicit_bzero, and an annotation on the data saying it's sensitive.  Can static code analyzers take care of the rest?  If so, this sort of thing doesn't need to be in the compiler.
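
An added example, not part of the original message or of any compiler: the closest existing approximation to annotating the data rather than each exit path is the GCC/Clang cleanup attribute. The names struct key layout, secure_wipe, wipe_key and the SENSITIVE macro are hypothetical, and secure_wipe is a volatile-store stand-in for explicit_bzero.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical key type and helpers; constructed for this example. */
struct key { unsigned char bytes[32]; };

static int wipes_run;        /* how many times the cleanup handler fired */
static int residue_bytes;    /* nonzero bytes seen right after a wipe */

/* Stand-in for explicit_bzero(): volatile stores are not removed as dead. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Cleanup handler: receives a pointer to the variable as it leaves scope. */
static void wipe_key(struct key *k)
{
    secure_wipe(k, sizeof *k);
    for (size_t i = 0; i < sizeof *k; i++)
        residue_bytes += (k->bytes[i] != 0);
    wipes_run++;
}

/* Annotation on the data, not on each exit path (GCC/Clang extension). */
#define SENSITIVE __attribute__((cleanup(wipe_key)))

static struct key get_key(void)
{
    struct key k;
    memset(k.bytes, 0xA5, sizeof k.bytes);   /* constructed key material */
    return k;
}

/* Two exit paths, no explicit wipe call written on either. */
int safe(int fail_early)
{
    SENSITIVE struct key k = get_key();
    if (fail_early)
        return -1;                /* handler runs on this path */
    return k.bytes[0] == 0xA5;    /* and on this one, after the value is read */
}

int main(void)
{
    safe(1);
    safe(0);
    return (wipes_run == 2 && residue_bytes == 0) ? 0 : 1;
}
```

The handler clears only the named variable. Copies the compiler makes in registers, spill slots, or the return temporary of get_key() are untouched, which is the part that needs compiler support.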

