From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/8476 Path: news.gmane.org!not-for-mail From: Newsgroups: gmane.comp.gcc.devel,gmane.comp.lib.glibc.alpha,gmane.linux.lib.musl.general Subject: Re: Compiler support for erasure of sensitive data Date: Wed, 9 Sep 2015 16:52:33 +0000 Message-ID: <8228C31E-7E1F-478C-9352-3908E6256B2C@dell.com> References: <55F05FF1.3000405@panix.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1441817600 15385 80.91.229.3 (9 Sep 2015 16:53:20 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 9 Sep 2015 16:53:20 +0000 (UTC) Cc: , , , To: Original-X-From: gcc-return-188700-gcg-devel-2=m.gmane.org@gcc.gnu.org Wed Sep 09 18:53:18 2015 Return-path: Envelope-to: gcg-devel-2@plane.gmane.org Original-Received: from server1.sourceware.org ([209.132.180.131] helo=sourceware.org) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZZicS-0007as-4X for gcg-devel-2@plane.gmane.org; Wed, 09 Sep 2015 18:53:12 +0200 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:references:in-reply-to :content-type:content-id:content-transfer-encoding:mime-version; q=dns; s=default; b=sDJwbi/16nTU/8ITwDM8DLVQBe0Ex3wKZaJ5uA4g4vH J9bxZZj04dB7IJOuzkRlsNpNVmJ+lUbRP+a++nIxidTQpznS0ZzIjrCOnwITcFSm 99WYEGFwl301Ut/MVioqXu6UiyGMp0oYkvfqNHw73NkGXjBamwL3TyIwrfThAn18 = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:references:in-reply-to :content-type:content-id:content-transfer-encoding:mime-version; s=default; bh=h+xsq3MOU7J8pMLaHSfKlDCS/ho=; b=NlPkWRULO1P4nOXxC NYNuvy5VV5NMQbOvvV874orEQiuJZU5ul7oTASvrOJKK4qpsG8px9C+xrRm9vlKk tS0gaHMonPdNvyJlUWQwlNq8uSEq8tC+R0R7wuZ2E/+pNO+a7g7DN52Vkl+XcU7m UbGvrJog4RP0GKtXJ/iJSgaLog= Original-Received: (qmail 50933 invoked by alias); 9 Sep 2015 16:52:39 -0000 Mailing-List: contact gcc-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Original-Sender: gcc-owner@gcc.gnu.org Original-Received: (qmail 50911 invoked by uid 89); 9 Sep 2015 16:52:39 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.1 required=5.0 tests=AWL,BAYES_20,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: ausxippc101.us.dell.com Original-Received: from ausxippc101.us.dell.com (HELO ausxippc101.us.dell.com) (143.166.85.207) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (CAMELLIA256-SHA encrypted) ESMTPS; Wed, 09 Sep 2015 16:52:37 +0000 X-LoopCount0: from 10.170.28.41 In-Reply-To: <55F05FF1.3000405@panix.com> Content-ID: <0697CD983EEF484E8B44928762652E62@dell.com> X-IsSubscribed: yes Xref: news.gmane.org gmane.comp.gcc.devel:141206 gmane.comp.lib.glibc.alpha:55356 gmane.linux.lib.musl.general:8476 Archived-At: > On Sep 9, 2015, at 12:36 PM, Zack Weinberg wrote: >=20 > ... > I think the ideal feature addition to address this would be >=20 > void safe(void) > { > struct key __attribute__((sensitive)) k =3D get_key(); > use_key(k); > } That certainly is a cleaner answer. What is attractive about it is that it= expresses the need for variables (data) to be given different treatment, r= ather than expecting the programmer to code that special treatment in every= place where that data becomes dead. It's also likely to be a whole lot ha= rder to implement, unfortunately. Then again, suppose all you had is explicit_bzero, and an annotation on the= data saying it's sensitive. Can static code analyzers take care of the re= st? If so, this sort of thing doesn't need to be in the compiler. paul