From: Zack Weinberg
Newsgroups: gmane.comp.lib.glibc.alpha,gmane.comp.gcc.devel,gmane.linux.lib.musl.general
Subject: Re: Compiler support for erasure of sensitive data
Date: Wed, 9 Sep 2015 12:58:36 -0400
Message-ID: <55F0653C.9010903@panix.com>
References: <55F05FF1.3000405@panix.com> <8228C31E-7E1F-478C-9352-3908E6256B2C@dell.com>
In-Reply-To: <8228C31E-7E1F-478C-9352-3908E6256B2C@dell.com>
To: Paul_Koning@Dell.com
Cc: gcc@gcc.gnu.org, llvmdev@cs.uiuc.edu, libc-alpha@sourceware.org, musl@lists.openwall.com

On 09/09/2015 12:52 PM, Paul_Koning@Dell.com wrote:
> Then again, suppose all you had is explicit_bzero, and an annotation
> on the data saying it's sensitive. Can static code analyzers take
> care of the rest? If so, this sort of thing doesn't need to be in
> the compiler.

The thing that absolutely has to be implemented in the compiler (AFAICT)
is register clearing. I'm undecided as to how *necessary* that is.
There certainly can be a lot of sensitive data in registers (e.g. AESNI
puts an entire AES key schedule in xmm registers). I don't know of any
exploits that depended on salvaging such data from registers, but I
don't follow exploit research closely.

zw
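
Added illustration, not part of the original message and not glibc or GCC code: a barrier-based memory wipe of the kind explicit_bzero provides, applied to a constructed toy key schedule, with comments marking what a library-level wipe cannot reach. The names secure_wipe, toy_expand, toy_tag and count_nonzero are hypothetical, and the inline-asm barrier assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not glibc's explicit_bzero): zero a buffer so that
   the optimizer cannot discard the store as dead. */
void secure_wipe(void *p, size_t n)
{
    memset(p, 0, n);
    /* Assumption: GCC/Clang. The "memory" clobber tells the compiler that
       unseen code may read *p, so the memset above has to be kept. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Constructed toy "key schedule". NOT a real cipher: it only stands in for
   derived secret material held in a stack object. */
void toy_expand(const uint8_t key[16], uint32_t sched[8])
{
    for (int i = 0; i < 8; i++)
        sched[i] = ((uint32_t)key[2 * i] << 8 | key[2 * i + 1]) * 2654435761u;
}

/* Uses the schedule, then wipes it before returning. */
uint32_t toy_tag(const uint8_t key[16], uint32_t msg)
{
    uint32_t sched[8];
    uint32_t acc = msg;

    toy_expand(key, sched);
    for (int i = 0; i < 8; i++)
        acc = (acc ^ sched[i]) * 16777619u;

    /* This clears the object named sched and nothing else. Values the
       compiler loaded from sched into registers, or spilled to other
       stack slots, are outside its reach: no library call can name them.
       That residue is what would need compiler support to clear. */
    secure_wipe(sched, sizeof sched);
    return acc;
}

/* Counts bytes that are still non-zero, to check a wipe from outside. */
size_t count_nonzero(const void *p, size_t n)
{
    const uint8_t *b = p;
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (b[i] != 0);
    return c;
}
```

Replacing secure_wipe with a bare memset in toy_tag is the case explicit_bzero exists for: sched is never read again, so an optimizing compiler is entitled to drop the store.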