Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 26 May 2023 16:16:03 -0400
From: Rich Felker <dalias@...c.org>
To: Jₑₙₛ Gustedt <jens.gustedt@...ia.fr>
Cc: Joakim Sindholt <opensource@...sha.com>, musl@...ts.openwall.com
Subject: Re: [C23 string conversion 1/3] C23: add the new
 memset_explicit function

On Fri, May 26, 2023 at 12:18:29PM +0200, Jₑₙₛ Gustedt wrote:
> Joakim,
> 
> on Fri, 26 May 2023 11:52:36 +0200 you (Joakim Sindholt
> <opensource@...sha.com>) wrote:
> 
> > I don't see how this is in any way useful. It's certainly not part of
> > the standard, which only says:
> > 
> > > The intention is that the memory store is always performed (i.e.,
> > > never elided), regardless of optimizations. This is in contrast to
> > > calls to the memset function (7.26.6.1)  
> 
> There has been a long discussion in WG14 about this what is even
> possible to say here. The clear intent in all discussions was to have
> something that best inhibits all sorts of information leak.
> 
> What you are citing is just a footnote. The normative text says:
> 
>      The purpose of this function is to make sensitive information
>      stored in the object inaccessible
> 
> So this is ist the expressed intent.
> 
> This is clearly a QoI issue. I think that indeed a sequential
> reordering barrier is the minimal quality that implementations can
> provide. But since this is not time critical, we might be able to
> provide a bit more, with modest cost, such as synchronization with
> other threads, and such as deleting the information where even the
> object was located in the first place.

Zeroing the local var dest does not do that. It makes things worse, by
forcing dest to get spilled to memory so it can be acted on as an
object by a_cas_p. It will do nothing to clear whatever register or
stack slot the value in dest might have previously lived in.

We had all of these discussions back when explicit_bzero was added,
and it was done the way it was done because it's portable (within the
framework of what musl already requires) and non-arch-specific, has
zero overhead, avoids any code duplication or bad performance
open-coding another memset variant, and avoids taking part in any
security theater (pretending we can clear things we can't).

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.