This is the mail archive of the
mailing list for the GCC project.
About BZ#87210 [RFE] To initialize automatic stack variables
- From: P J P <pjp at fedoraproject dot org>
- To: "gcc at gcc dot gnu dot org" <gcc at gcc dot gnu dot org>
- Date: Tue, 19 Feb 2019 10:23:30 +0000 (UTC)
- Subject: About BZ#87210 [RFE] To initialize automatic stack variables
- References: <firstname.lastname@example.org>
- Reply-to: P J P <pj dot pandit at yahoo dot co dot in>
This RFE is about providing gcc option(s) to eliminate information leakage
issues from programs. Information leakage via uninitialised memory has beena chronic/recurring issue across all software. They are found quite often andmay lead to severe effects if found in system software/kernel, OR an applicationwhich handles sensitive information.
Various projects/efforts are underway to keep such information exposurefrom happening
* STACKLEAK - http://lkml.iu.edu/hypermail/linux/kernel/1810.3/00522.html
* KLEAK - https://netbsd.org/gallery/presentations/maxv/kleak.pdf* https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf
But these are still external corrections to improve specific project and/orsoftware. It does not help to fix/eliminate all information leakage issues.
Automatic memory initialisation:
It'd be immensely helpful and welcome if gcc(1) could provide compile/buildtime options to enable/disable - automatic memory initialisation.
Could we please consider it as more viable/useful option?
-P J P