On 10.4.2014 12:00, Ronald F. Guilmette wrote:
> Rather, I was asking, albeit indirectly, whether a program or library, such as OpenSSL, which is primarily a security-focused tool, and upon which a significant fraction of online humanity depends for its security, is deserving of a "belt and suspenders" style of defensive programming. [..] (And by the way, it would not be a terribly difficult thing to add to any C compiler a new option that, when used during compilation of select "mission critical" security software, would have the effect of generating code for each function that completely zeros at least the statically-sized part of the new stack frame upon entry to the function, or conversely would generate code which would zero the current frame just before function exit. Such an option might be useful when compiling critical security code, such as the OpenSSL library, and if it had been available and used in conjunction with allocation of the problematic buffer on the stack, as I suggested, I believe that those steps, taken together, would have eliminated even the possibility of leakage of server-specific secrets.
You can have all those safety nets in the code, functions, compilers, but there will be a day when some creative person will do some creative "optimization" in the name of speed, efficiency, whatever. The compiler is forcing zeroing of the buffer on allocation in case the size of the buffer is known at compile time? Let it be size_of int + size_of last_tcp_fragment; yeah, we got them.
The following thread comes to my mind all the time while reading your message: http://www.mail-archive.com/misc@openbsd.org/msg128161.html (I don't know which platforms are referred to as slow, but it would be funny if we are talking about an architecture whose last standing machine was just moved into a museum, between the computing and paleolithic departments.)
-- Ondra

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
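The exchange above argues about two things: scrubbing a function's stack frame before it exits so stale secrets do not survive into the next caller, and the worry that a compiler-driven scrub keyed on compile-time sizes misses buffers sized at run time, or gets "optimized" away. The C program below is an added illustration written for this page; it is not code from the thread, from OpenSSL, or from any compiler. It does the exit-time scrub by hand inside the function, routes the zeroing through a volatile function pointer so a dead-store eliminator cannot delete it (the same idea as OpenSSL's own OPENSSL_cleanse, reimplemented here rather than called), and handles both a fixed-size buffer and a variable-length array whose extent is only known at run time. The record handlers, their XOR "checksum", the REC_MAX limit and the sample payload are all hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread or from OpenSSL.
 *
 * A plain memset(buf, 0, n) immediately before return is, from the
 * optimizer's point of view, a store that nothing reads afterwards, so it
 * may be removed as dead.  Calling memset through a volatile function
 * pointer hides the callee's identity: the compiler must assume an
 * arbitrary function is being called and has to keep the call. */
static void *(*const volatile memset_keep)(void *, int, size_t) = memset;

static void secure_memzero(void *p, size_t n)
{
    memset_keep(p, 0, n);
}

/* Counts non-zero bytes; used to confirm that a scrub actually happened
 * while the buffer is still in scope (a well-defined check). */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] != 0);
    return c;
}

/* Hypothetical record handler with a fixed-size stack buffer: the shape a
 * "zero the statically-sized part of the frame" compiler option could
 * cover.  Returns an XOR checksum of the copied bytes, standing in for
 * "work done with the secret". */
#define REC_MAX 64
unsigned char handle_record_fixed(const unsigned char *payload, size_t len)
{
    unsigned char buf[REC_MAX];
    unsigned char acc = 0;

    if (len > REC_MAX)
        len = REC_MAX;                  /* never copy more than the buffer holds */
    memcpy(buf, payload, len);
    for (size_t i = 0; i < len; i++)
        acc ^= buf[i];

    secure_memzero(buf, sizeof buf);    /* scrub the whole buffer before exit */
    return acc;
}

/* Same work, but the buffer is a variable-length array sized by the
 * peer-supplied length.  Its size is not a compile-time constant, which is
 * the case Ondra points at: a frame-zeroing option that only knows static
 * sizes would not reach it, so the function scrubs it itself using the
 * run-time length. */
unsigned char handle_record_vla(const unsigned char *payload, size_t len)
{
    if (len == 0 || len > 4096)
        return 0;                       /* reject absurd lengths before sizing the VLA */
    unsigned char buf[len];
    unsigned char acc = 0;

    memcpy(buf, payload, len);
    for (size_t i = 0; i < len; i++)
        acc ^= buf[i];

    secure_memzero(buf, len);           /* run-time size, explicitly scrubbed */
    return acc;
}

/* Fills a local buffer with a recognisable pattern, scrubs it, and reports
 * how many bytes survived (expected: 0). */
size_t scrub_check(void)
{
    unsigned char secret[32];
    memset(secret, 0xA5, sizeof secret);
    secure_memzero(secret, sizeof secret);
    return count_nonzero(secret, sizeof secret);
}

/* Constructed sample payload; its bytes XOR to 0x0F. */
static const unsigned char sample_payload[] = { 0x01, 0x02, 0x04, 0x08 };

int main(void)
{
    printf("fixed: 0x%02x\n", handle_record_fixed(sample_payload, sizeof sample_payload));
    printf("vla:   0x%02x\n", handle_record_vla(sample_payload, sizeof sample_payload));
    printf("bytes left after scrub: %zu\n", scrub_check());
    return 0;
}
```

Compile with optimization on (for example `cc -O2 -Wall`) and inspect the generated code for handle_record_fixed: the call through memset_keep stays, whereas a direct `memset(buf, 0, sizeof buf)` in the same spot is typically dropped. Later GCC and Clang releases added `-ftrivial-auto-var-init=zero`, which zeroes automatic variables on function entry, close to the first half of the option Ronald describes; it does not perform the exit-time scrub, and it does not stop the optimizer from deleting a hand-written memset, so the explicit scrub above is still the "suspenders" to go with that "belt".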