From: "Roman V. Shaposhnick" <vugluskr@unicorn.math.spbu.ru>
To: 9fans@cse.psu.edu
Subject: [9fans] how to avoid a memset() optimization
Date: Wed, 13 Nov 2002 01:42:17 +0300
Message-ID: <20021113014217.A5718@unicorn.math.spbu.ru>
There's quite a lively discussion on comp.compilers about memset()
use in security related applications and compiler optimization.
This idiom of memset'ing secure stuff with 0 is not new, and I've
spotted it in Plan9 sources several times -- don't know whether
it should be a concern for Plan9 users and developers ( after all,
Plan9 has its own C compiler ) but seeing how gcc is making its
way, it seems that declaring every buffer volatile ( as John the
moderator has suggested ) wouldn't hurt either.
Thanks,
Roman.
From: "Francis Wai" <fwai@rsasecurity.com>
Newsgroups: comp.compilers
Subject: how to avoid a memset() optimization
Date: 7 Nov 2002 00:51:51 -0500
In a recent article (http://online.securityfocus.com/archive/82/297827),
Peter Gutmann raised a concern which has serious implications in
secure programming. His example, along the lines of,
    #include <string.h>

    void encrypts(char *key);    /* uses the key; defined elsewhere */

    int main()
    {
        char key[16];
        strcpy(key, "whatever");
        encrypts(key);
        memset(key, 0, 16);      /* last use of key: the compiler may drop this store */
    }
where memset() was optimized away because memset() is the last
expression before the next sequence point and that its side-effect is
not needed and that the subject of memset() is an auto variable. The
compiler sees that it is legitimate to optimize it away. This is _bad_
news for anyone concerned with sensitive data being left lying around
in memory.
Various suggestions have been made, such as declaring the variable
volatile and having a scrub memory function in a file of its own. I'm
wondering if there are better ways such as telling the compiler not to
optimize away a function call.
[Declaring the array volatile is the right way to do it. The reason
volatile exists is to tell the compiler not to do otherwise valid
optimizations. -John]
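As an added illustration, not code from Roman's message or from the quoted comp.compilers post: a scrub routine that stores through a volatile-qualified pointer, the approach the moderator recommends, beside a check that runs while the buffer is still live. The names secure_zero, all_zero and scrub_demo are chosen here, and the key bytes are a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* secure_zero() writes through a volatile-qualified pointer: each store is an
 * access to a volatile object, which the compiler must perform, so the loop
 * cannot be dropped as a dead store the way the trailing memset(key, 0, 16)
 * in the posted example can. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Return 1 when every byte of p[0..n) is zero. Reads also go through a
 * volatile pointer so the check itself is not folded away. */
int all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    while (n--)
        acc |= *vp++;
    return acc == 0;
}

/* Mirror of the posted main(): a constructed key is copied into an automatic
 * buffer, "used", and scrubbed before the function returns. The check runs
 * while key[] is still in scope, so inspecting it is well defined. */
int scrub_demo(void)
{
    char key[16];
    size_t i, touched = 0;
    memcpy(key, "whatever", 9);        /* constructed sample key, with its NUL */
    for (i = 0; i < 9; i++)            /* stand-in for the encrypts(key) call */
        touched += (unsigned char)key[i];
    secure_zero(key, sizeof key);
    return all_zero(key, sizeof key) && touched != 0;
}

int main(void)
{
    printf("key scrubbed: %s\n", scrub_demo() ? "yes" : "no");
    return 0;
}
```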