[cfe-dev] Zero'ing Registers on Function Return

Reid Kleckner rnk at google.com
Thu Sep 11 20:55:15 PDT 2014


Seems reasonable, but I think you would need to zap the stack memory too,
as well as the memory used for inner calls.

This would probably end up being an LLVM IR function attribute that gets
handled in the backend.

On Thu, Sep 11, 2014 at 7:30 PM, Russell Harmon <eatnumber1 at google.com>
wrote:

> I've been thinking about the issues with securely zeroing buffers that
> Colin Percival discusses in his blog article
> <http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html>,
> and I think I'd like to take a stab at fixing it in clang. Here's my
> proposal:
>
> Add a function attribute, say __attribute__((clear_regs_on_return)), which,
> when a function so annotated returns, will zero all callee-owned registers
> and spill slots. Then, all unused caller-owned registers will be
> immediately cleared by the caller after return.
>
> As for why, I'm concerned with the case where a memory disclosure
> vulnerability exposes all or a portion of sensitive data via either spilled
> registers or infrequently used registers (xmm). If an attacker is able to
> analyze a binary for situations wherein sensitive data will be spilled,
> leveraging a memory disclosure vulnerability, it's likely one could craft an
> exploit that reveals sensitive data.
>
> What does the list think?
> -Russ Harmon
>
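The thread is about the half of the problem that source code cannot reach. As an added illustration (not code from this thread, from clang or from Colin Percival's article), the C below shows the half it can: a buffer wipe written so the optimizer cannot drop it as a dead store, with a check that the wipe actually happened. The `secure_memzero` helper, the `fold_secret_and_wipe` routine, its rotate-xor "tag" and the 4-byte secret are all constructed for this example; the comments mark what the wipe still leaves behind (register copies and spill slots), which is what the proposed attribute would have to clear.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* secure_memzero: zero n bytes through a volatile pointer so the stores
 * cannot be treated as dead and removed. The empty asm with a "memory"
 * clobber is a GCC/Clang compiler barrier telling the optimizer the zeroed
 * bytes may be read afterwards. Both are source-level techniques; neither
 * touches registers or spill slots. */
void secure_memzero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* all_zero: 1 if every byte of p[0..n) is zero, else 0. OR-fold so the
 * check itself does not branch on the data. */
int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* fold_secret_and_wipe: copies the secret into a caller-supplied scratch
 * area (standing in for a stack buffer, so the caller can inspect it after
 * the call), folds it into a 32-bit tag with a constructed rotate-xor, then
 * wipes the copy. The fold is a placeholder for a real key-using routine.
 * What this cannot wipe is exactly the concern raised in the thread:
 * intermediate values of `tag`, and any scratch bytes the compiler kept in
 * registers (e.g. xmm for the memcpy) or spilled to the stack, outlive the
 * function. Returns 0 if scratch is too small. */
uint32_t fold_secret_and_wipe(const uint8_t *secret, size_t len,
                              uint8_t *scratch, size_t scratch_len) {
    if (len > scratch_len) return 0;
    memcpy(scratch, secret, len);
    uint32_t tag = 0;
    for (size_t i = 0; i < len; i++)
        tag = ((tag << 5) | (tag >> 27)) ^ scratch[i];
    secure_memzero(scratch, len);
    return tag;
}

/* Constructed 4-byte "secret" used by the demo functions below. */
static const uint8_t demo_secret[4] = {0x10, 0x20, 0x30, 0x40};

/* demo_tag: the tag computed over the constructed secret (0x88640). */
uint32_t demo_tag(void) {
    uint8_t scratch[16];
    return fold_secret_and_wipe(demo_secret, sizeof demo_secret,
                                scratch, sizeof scratch);
}

/* demo_scratch_wiped: 1 if the scratch copy is all zero after the call.
 * The buffer is poisoned first so a wipe that did nothing would show. */
int demo_scratch_wiped(void) {
    uint8_t scratch[16];
    memset(scratch, 0xAA, sizeof scratch);
    (void)fold_secret_and_wipe(demo_secret, sizeof demo_secret,
                               scratch, sizeof scratch);
    return all_zero(scratch, sizeof demo_secret);
}

int main(void) {
    printf("tag=0x%x scratch wiped=%d\n", demo_tag(), demo_scratch_wiped());
    return 0;
}
```

The check only proves the memory copy is gone. Whether the bytes also survive in an xmm register used by `memcpy`, or in a spill slot of `fold_secret_and_wipe`'s frame, depends on register allocation and is invisible from C, which is why the proposal puts the clearing in the compiler rather than in the function body.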