From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/8706 Path: news.gmane.org!not-for-mail From: Denys Vlasenko Newsgroups: gmane.comp.lib.glibc.alpha,gmane.linux.lib.musl.general,gmane.comp.gcc.devel Subject: Re: [musl] Re: Compiler support for erasure of sensitive data Date: Thu, 22 Oct 2015 18:02:05 +0200 Message-ID: References: <55F05FF1.3000405@panix.com> <55F08296.10003@panix.com> <20150909202654.GO28959@port70.net> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Trace: ger.gmane.org 1445529769 10192 80.91.229.3 (22 Oct 2015 16:02:49 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 22 Oct 2015 16:02:49 +0000 (UTC) To: musl , Zack Weinberg , Paul_Koning@dell.com, dje.gcc@gmail.com, gcc@gcc.gnu.org, libc-alpha@sourceware.org Original-X-From: libc-alpha-return-64429-glibc-alpha=m.gmane.org@sourceware.org Thu Oct 22 18:02:45 2015 Return-path: Envelope-to: glibc-alpha@plane.gmane.org Original-Received: from server1.sourceware.org ([209.132.180.131] helo=sourceware.org) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZpIK6-0005uH-N9 for glibc-alpha@plane.gmane.org; Thu, 22 Oct 2015 18:02:39 +0200 DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; q=dns; s=default; b=NxH8cD+ Bhzx1GeWyb1bTVBKwfRWxfAEXyXSNrWoLHsoX09qiPs7MaferQoetjtiiEk9lteV 0j9Ie3M9T9P2K4d3WotcvbYijdWWMMr1XzMNiS5mjVEx7e8zfkT4UwFCSFzaYN+H HoMlwQODHbBaoKaZK+H9ZdPv/aRbj+VOj+n0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; s=default; bh=/vsZY5imx83Ug Tkd9UqR16LBntc=; b=LiaCiia8SkPNwflv6omh7LK+oUiM2aqMlPUWPukQuFXo1 reIFIkDaOriU4N49RokR6F58HKCeIt7v70CGvo7vNpUyLe4vuEH8Z0DNzBnn3uCD zpZwaEPsImiFFYtk6H+Qg3sx19DvTIf5f5iNItkDf5rU8wYP9MOuJ060NCkJSA= Original-Received: (qmail 89818 invoked by alias); 22 Oct 2015 16:02:28 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Original-Sender: libc-alpha-owner@sourceware.org Original-Received: (qmail 89765 invoked by uid 89); 22 Oct 2015 16:02:28 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_20,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-qg0-f53.google.com X-Received: by 10.140.40.239 with SMTP id x102mr19553786qgx.10.1445529744623; Thu, 22 Oct 2015 09:02:24 -0700 (PDT) In-Reply-To: <20150909202654.GO28959@port70.net> Xref: news.gmane.org gmane.comp.lib.glibc.alpha:56709 gmane.linux.lib.musl.general:8706 gmane.comp.gcc.devel:141627 Archived-At: On Wed, Sep 9, 2015 at 10:26 PM, Szabolcs Nagy wrote: > * Zack Weinberg [2015-09-09 15:03:50 -0400]: >> On 09/09/2015 02:02 PM, Paul_Koning@Dell.com wrote: >> >> On Sep 9, 2015, at 1:54 PM, David Edelsohn >> >> wrote: >> >> >> >> What level of erasure of sensitive data are you trying to ensure? >> >> Assuming that overwriting values in the ISA registers actually >> >> completely clears and destroys the values is delusionally naive. >> > >> > Could you point to some references about that? >> >> I *assume* David is referring to register renaming, which is not >> architecturally visible... >> > > or async signal handler copying all the register state on sigaltstack > or internal counters and debug features making sensitive info observable > or timing/cache-effect side channels that let other processes get info > or compiling to a highlevel language (js) with different kind of leaks > or running under emulator/debugger that can make secrets visible > or... I think if attacker got that much control of the machine that he can get, for example, signals to reach your sensitive process, you already lost. Ditto for running under emulator.