On 10/08/2014 04:15 AM, Sandy Harris wrote:
> There are various solutions to this. Linux now has memzero_explicit(), OpenSSH has bzero_explicit(), C11 has memset_s().
Minor nit: The C11 standard still allows memset_s to be optimized away if this does not cause an observable difference in behavior (in C terms). I know the intent is different, but this is impossible to address within the standard, considering the direction in which the language has developed over the last decades.
-- Florian Weimer / Red Hat Product Security
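
Added example (not part of this message and not code from any project named in the thread): a zeroing routine that relies on compiler behaviour rather than on a guarantee in the C standard, using the memset-plus-compiler-barrier pattern that current Linux kernels use in memzero_explicit(). The names secure_zero, count_nonzero and wipe_demo are hypothetical, and the barrier branch assumes GCC or Clang inline-asm syntax.

```c
#include <stddef.h>
#include <string.h>

/* secure_zero() and wipe_demo() are hypothetical names for this example. */
void secure_zero(void *buf, size_t len)
{
#if defined(__GNUC__) || defined(__clang__)
    memset(buf, 0, len);
    /* Empty asm statement that takes buf as input and clobbers "memory":
     * the compiler must assume the zeroed bytes are read here, so the
     * memset above is no longer a dead store it may delete. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#else
    /* Fallback for other compilers: byte stores through a volatile lvalue,
     * which compilers in practice do not remove. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#endif
}

/* Count bytes that are still nonzero (used to check the wipe). */
size_t count_nonzero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Constructed scenario: a local "key" that is dead after its last use,
 * the case where a plain memset() is typically eliminated at -O2. */
size_t wipe_demo(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(i + 1);   /* constructed sample key */
    secure_zero(key, sizeof key);
    return count_nonzero(key, sizeof key);
}
```

The return value only confirms the bytes are zero; whether the stores survive optimization has to be checked in the generated assembly for the compiler and flags actually in use.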