This is the mail archive of the
mailing list for the GCC project.
Re: [musl] Re: Compiler support for erasure of sensitive data
- From: Denys Vlasenko <vda dot linux at googlemail dot com>
- To: musl <musl at lists dot openwall dot com>, Zack Weinberg <zackw at panix dot com>, Paul_Koning at dell dot com, dje dot gcc at gmail dot com, gcc at gcc dot gnu dot org, libc-alpha at sourceware dot org
- Date: Thu, 22 Oct 2015 18:02:05 +0200
- Subject: Re: [musl] Re: Compiler support for erasure of sensitive data
- Authentication-results: sourceware.org; auth=none
- References: <55F05FF1 dot 3000405 at panix dot com> <CAGWvnykLHzcM+puBr4G0gGOefpdVjg77mCsd3GM9--HAOacivg at mail dot gmail dot com> <EEF686A4-BC3C-4BC8-BEB8-3502965F2405 at dell dot com> <55F08296 dot 10003 at panix dot com> <20150909202654 dot GO28959 at port70 dot net>
On Wed, Sep 9, 2015 at 10:26 PM, Szabolcs Nagy <email@example.com> wrote:
> * Zack Weinberg <firstname.lastname@example.org> [2015-09-09 15:03:50 -0400]:
>> On 09/09/2015 02:02 PM, Paul_Koning@Dell.com wrote:
>> >> On Sep 9, 2015, at 1:54 PM, David Edelsohn <email@example.com>
>> >> wrote:
>> >> What level of erasure of sensitive data are you trying to ensure?
>> >> Assuming that overwriting values in the ISA registers actually
>> >> completely clears and destroys the values is delusionally naive.
>> > Could you point to some references about that?
>> I *assume* David is referring to register renaming, which is not
>> architecturally visible...
> or async signal handler copying all the register state on sigaltstack
> or internal counters and debug features making sensitive info observable
> or timing/cache-effect side channels that let other processes get info
> or compiling to a highlevel language (js) with different kind of leaks
> or running under emulator/debugger that can make secrets visible
I think if attacker got that much control of the machine that he can
get, for example, signals to reach your sensitive process, you already lost.
Ditto for running under emulator.