On 09/09/2015 12:52 PM, paul_kon...@dell.com wrote:
> Then again, suppose all you had is explicit_bzero, and an annotation
> on the data saying it's sensitive. Can static code analyzers take
> care of the rest? If so, this sort of thing doesn't need to be in
> the compiler.

The thing that absolutely has to be implemented in the compiler (AFAICT) is register clearing. I'm undecided as to how *necessary* that is. There certainly can be a lot of sensitive data in registers (e.g. AESNI puts an entire AES key schedule in xmm registers). I don't know of any exploits that depended on salvaging such data from registers, but I don't follow exploit research closely.

zw