From: "Rüdiger Meier" <sweet_f_a@gmx.de>
To: Bernhard Voelker <mail@bernhard-voelker.de>
Cc: Sami Kerola <kerolasa@iki.fi>, util-linux@vger.kernel.org
Subject: Re: [PATCH] newgrp: use libc explicit_bzero() when it is available
Date: Fri, 6 Jan 2017 13:15:05 +0100
Message-ID: <201701061315.05420.sweet_f_a@gmx.de>
In-Reply-To: <4462d609-2049-7484-d6a8-53daf9b4534f@bernhard-voelker.de>

On Friday 06 January 2017 12:09:09 Bernhard Voelker wrote:
> On 01/05/2017 11:33 PM, Sami Kerola wrote:
> > +#ifdef HAVE_EXPLICIT_BZERO
> > + explicit_bzero(xpwd, strlen(xpwd));
> > +#else
> > xmemset_s(xpwd, strlen(xpwd), 0);
> > +#endif
> > free(xpwd);
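Review bot: strlen(xpwd) as the length in both branches means only the bytes before the first NUL are wiped, and xpwd is dereferenced by strlen() with no NULL check visible before free(xpwd). If the allocation size is known at this point, pass that instead, and consider moving the #ifdef into a single helper so the call site carries one wipe call rather than two variants that must be kept in sync.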
>
> Do you think it's worth making things even more complicated
> for overwriting a simple string? I mean, a simple
>
>   for (char *c = xpwd; *c; c++)
>     *c = '\0';
>
> would do, wouldn't it?

I'm not an expert on this but explicit_bzero() seems to do some tricks to
avoid any compiler optimizations. Maybe the compiler would just not execute
the complete for loop if we never access bytes after the (first) NULL byte
later!? If this issue were trivial then they probably wouldn't have added
the explicit_bzero() function at all.

See BSD's bzero man page:

    The explicit_bzero() variant behaves the same, but will not be removed by
    a compiler's dead store optimization pass, making it useful for clearing
    sensitive memory such as a password.

and source code:
http://www.leidinger.net/FreeBSD/dox/libkern/html/d5/da7/explicit__bzero_8c_source.html

cu,
Rudi
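
Added example, not part of the original message and not util-linux code: one wrapper that hides the HAVE_EXPLICIT_BZERO switch from the patch behind a single call, with a volatile-store fallback, plus a constructed buffer showing what a strlen()-sized wipe leaves behind compared with a capacity-sized one. The names wipe(), residue() and wipe_demo() are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Zero n bytes at p in a way the compiler should not drop as a dead store. */
static void wipe(void *p, size_t n)
{
#ifdef HAVE_EXPLICIT_BZERO          /* configure macro used in the patch */
	explicit_bzero(p, n);
#else
	/* Fallback (assumption, a common idiom): GCC and Clang keep stores
	 * made through a volatile-qualified pointer, even right before free(). */
	volatile unsigned char *v = p;
	while (n--)
		*v++ = 0;
#endif
}

/* Count non-zero bytes left in a buffer, to check what a wipe missed. */
static size_t residue(const void *p, size_t n)
{
	const unsigned char *b = p;
	size_t left = 0;
	for (size_t i = 0; i < n; i++)
		left += (b[i] != 0);
	return left;
}

/* Constructed case: a 16-byte buffer that held a longer secret and was
 * reused for a shorter string. Returns the bytes that survive a
 * strlen()-sized wipe (use_cap == 0) or a full-capacity wipe (use_cap != 0). */
static size_t wipe_demo(int use_cap)
{
	char buf[16];
	memcpy(buf, "longer-secret!!", 16);   /* 15 characters + NUL */
	memcpy(buf, "pw", 3);                 /* shorter string, same buffer */
	wipe(buf, use_cap ? sizeof(buf) : strlen(buf));
	return residue(buf, sizeof(buf));
}

int main(void)
{
	/* Exit status 0 when the capacity-sized wipe leaves nothing behind. */
	return wipe_demo(1) == 0 ? 0 : 1;
}
```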