Re: [PATCH] newgrp: use libc explicit_bzero() when it is available

On Friday 06 January 2017 12:09:09 Bernhard Voelker wrote:
> On 01/05/2017 11:33 PM, Sami Kerola wrote:
> > +#ifdef HAVE_EXPLICIT_BZERO
> > +		explicit_bzero(xpwd, strlen(xpwd));
> > +#else
> >  		xmemset_s(xpwd, strlen(xpwd), 0);
> > +#endif
> >  		free(xpwd);
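
Review bot: the length passed in explicit_bzero(xpwd, strlen(xpwd)) covers only the bytes up to the first NUL, so anything the buffer holds past that point reaches free(xpwd) unwiped; if the allocation size is known at this point, pass that instead. The #ifdef HAVE_EXPLICIT_BZERO / #else pair at the call site would also be easier to keep consistent inside a single wipe helper, so other callers that clear secrets do not have to repeat it.
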
>
> Do you think it's worth making things even more complicated
> for overwriting a simple string?  I mean, a simple
>
>   for (char *c = xpwd; *c; c++)
>     *c = '\0';
>
> would do, wouldn't it?

I'm not an expert on this, but explicit_bzero() seems to do some tricks to
avoid any compiler optimizations. Maybe the compiler would just not execute
the complete for loop if we never access the bytes after the (first) NULL byte
later!? If this issue were trivial, then they probably wouldn't have added
the explicit_bzero() function at all.

See BSD's bzero man page:

     The explicit_bzero() variant behaves the same, but will not be removed by
     a compiler's dead store optimization pass, making it useful for clearing
     sensitive memory such as a password.

and source code:

http://www.leidinger.net/FreeBSD/dox/libkern/html/d5/da7/explicit__bzero_8c_source.html


cu,
Rudi
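
An added example (not part of the thread and not util-linux code) of the wipe-before-free pattern discussed above: a hypothetical secure_wipe() uses explicit_bzero() when HAVE_EXPLICIT_BZERO is defined and otherwise falls back to volatile stores, a common portable technique and not necessarily how any libc implements explicit_bzero(). It goes one step beyond the thread by measuring what a strlen()-sized wipe leaves behind in a reused buffer; the buffer size and sample strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. HAVE_EXPLICIT_BZERO is assumed to be set by the
 * build system when libc provides explicit_bzero(), as in the patch. */
static void secure_wipe(void *p, size_t n)
{
#ifdef HAVE_EXPLICIT_BZERO
	explicit_bzero(p, n);
#else
	/* Fallback: compilers keep stores made through a volatile pointer. */
	volatile unsigned char *vp = p;
	while (n--)
		*vp++ = 0;
#endif
}

/* Count bytes that are still non-zero in buf[0..cap). */
static size_t residue(const unsigned char *buf, size_t cap)
{
	size_t left = 0;
	for (size_t i = 0; i < cap; i++)
		left += buf[i] != 0;
	return left;
}

/* Constructed scenario: a buffer held a long secret and is reused for a
 * shorter one. Wipe strlen() bytes or the whole allocation, then count. */
static size_t wipe_reused_buffer(int whole_allocation)
{
	const size_t cap = 32;
	char *pw = calloc(1, cap);
	size_t left;
	if (!pw)
		return (size_t)-1;
	strcpy(pw, "correct horse battery");	/* constructed sample */
	strcpy(pw, "hunter2");			/* shorter; old tail remains */
	secure_wipe(pw, whole_allocation ? cap : strlen(pw));
	left = residue((unsigned char *)pw, cap);
	free(pw);
	return left;
}

int main(void)
{
	printf("%zu %zu\n", wipe_reused_buffer(0), wipe_reused_buffer(1));
	return 0;
}
```

The first number is the count of leftover secret bytes after a strlen()-sized wipe; the second is the count after wiping the whole allocation.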