On Tue, 15 Aug 2023, Paul Koning wrote:
> Now I'm confused. I thought the whole point of what GCC is trying to, and
> wants to document, is that it DOES preserve security properties. If the
> source code is standards-compliant and contains algorithms free of security
> holes, then the compiler is supposed to deliver output code that is likewise
> free of holes -- in other words, the transformation performed by GCC does not
> introduce holes in a hole-free input.

Yes, we seem to broadly agree here. The text given by Siddhesh enumerates
scenarios where an incorrect transform could be considered a security bug.
My examples explore situations outside of those scenarios, picking two popular
security properties that cannot always be attained by writing C source that
vaguely appears to conform, and expecting the compiler to translate into
machine code that actually conforms.

> > Granted, it is a bit of a stretch since the notion of timing-safety is
> > not really well-defined for C source code, but I didn't come up with
> > better examples.
>
> Is "timing-safety" a security property? Not the way I understand that
> term. It sounds like another way to say that the code meets real time
> constraints or requirements.

I meant in the sense of not admitting timing attacks:
https://en.wikipedia.org/wiki/Timing_attack

> No, compilers don't help with that (at least C doesn't -- Ada might be
> better here but I don't know enough). For sufficiently strict
> requirements you'd have to examine both the generated machine code and
> understand, in gruesome detail, what the timing behaviors of the executing
> hardware are. Good luck if it's a modern billion-transistor machine.

Yes. On the other hand, the reality in the FOSS ecosystem is that cryptographic
libraries heavily lean on the ability to express a constant-time algorithm in C
and get machine code that is actually constant-time.

There's a bit of a conflict here between what we can promise and what people
might expect of GCC, and it seems relevant when discussing what goes into the
Security Policy.

Thanks.
Alexander
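The kind of "constant-time algorithm in C" the message refers to, as an added illustration that is not part of the thread and not code from GCC or any particular library: an early-exit comparison whose running time depends on the first mismatching byte, beside the idiom cryptographic code uses instead, where every byte is visited and the result is accumulated with OR so no branch depends on the secret at the source level. The tag values are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: three 16-byte authentication tags, two equal,
 * one differing only in the last byte (so early exit is maximally late). */
static const uint8_t TAG_EXPECTED[16] = {
    0x3a, 0x7f, 0x11, 0xc2, 0x90, 0x05, 0xee, 0x4d,
    0x61, 0xb8, 0x2c, 0xf0, 0x19, 0xa4, 0x57, 0x0b };
static const uint8_t TAG_SAME[16] = {
    0x3a, 0x7f, 0x11, 0xc2, 0x90, 0x05, 0xee, 0x4d,
    0x61, 0xb8, 0x2c, 0xf0, 0x19, 0xa4, 0x57, 0x0b };
static const uint8_t TAG_LAST_BYTE_DIFFERS[16] = {
    0x3a, 0x7f, 0x11, 0xc2, 0x90, 0x05, 0xee, 0x4d,
    0x61, 0xb8, 0x2c, 0xf0, 0x19, 0xa4, 0x57, 0x0c };

/* Early-exit comparison: returns at the first mismatch, so the number of
 * iterations (and therefore the running time) reveals how many leading
 * bytes of the guess were correct. This leak is in the source itself;
 * no compiler transform introduced it. Returns 1 if equal, 0 otherwise. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison in the style cryptographic libraries write:
 * always touches all n bytes, ORs the XOR differences together, and folds
 * the accumulator to 0/1 arithmetically rather than with a data-dependent
 * branch. The volatile accumulator discourages the optimizer from turning
 * the loop back into an early-exit form, but, as the thread notes, C gives
 * no guarantee: the emitted machine code still has to be inspected.
 * Returns 1 if equal, 0 otherwise. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    uint8_t d = acc;
    /* For any nonzero byte d, either d or (-d mod 256) has bit 7 set,
     * so (d | -d) >> 7 is 1 exactly when d != 0. */
    uint8_t nonzero = (uint8_t)((d | (uint8_t)(0u - d)) >> 7);
    return 1 - (int)nonzero;
}

int main(void)
{
    printf("leaky  same=%d differ=%d\n",
           leaky_compare(TAG_EXPECTED, TAG_SAME, 16),
           leaky_compare(TAG_EXPECTED, TAG_LAST_BYTE_DIFFERS, 16));
    printf("ct     same=%d differ=%d\n",
           ct_compare(TAG_EXPECTED, TAG_SAME, 16),
           ct_compare(TAG_EXPECTED, TAG_LAST_BYTE_DIFFERS, 16));
    return 0;
}
```

Both functions give the same answers; the difference is only in how their timing depends on the input, which is exactly the property the C standard does not speak about and which, per the discussion, has to be checked in the generated assembly rather than assumed from the source.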