[cfe-dev] Zero'ing Registers on Function Return

David Chisnall David.Chisnall at cl.cam.ac.uk
Sat Sep 13 01:02:56 PDT 2014


Hi Russell,

I didn't realise that Colin had blogged about it.  We've discussed it a few times in the past and I have an implementation of it that we are evaluating.

David

On 12 Sep 2014, at 03:30, Russell Harmon <eatnumber1 at google.com> wrote:

> I've been thinking about the issues with securely zero'ing buffers that Colin Percival discusses in his blog article, and I think I'd like to take a stab at fixing it in clang. Here's my proposal:
> 
> Add a function attribute, say __attribute__((clear_regs_on_return)) which when a thus annotated function returns will zero all callee owned registers and spill slots. Then, all unused caller owned registers will be immediately cleared by the caller after return.
> 
> As for why, I'm concerned with the case where a memory disclosure vulnerability exposes all or a portion of sensitive data via either spilled registers or infrequently used registers (xmm). If an attacker is able to analyze a binary for situations wherein sensitive data will be spilled, leveraging a memory disclosure vulnerability it's likely one could craft an exploit that reveals sensitive data.
> 
> What does the list think?
> -Russ Harmon
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
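As an added illustration of the two halves of the problem discussed in this thread (this is example code written for this page, not code from the thread, from clang, or from the blog post mentioned): what a C programmer can do today about the first half, a final `memset` on a secret that the optimiser is allowed to drop as a dead store, and the caveat about the second half, copies the compiler makes in registers and spill slots, which is the part the proposed attribute would cover. The names `secure_zero`, `mix_with_key`, `tag_message` and `session_t`, and the toy key derivation, are my own constructions; `mix_with_key` is plain 32-bit FNV-1a standing in for a real keyed function.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zero a buffer in a way the optimiser cannot drop as a dead store.
 * A memset() on a local that is never read again is legally removable;
 * the empty asm with a "memory" clobber tells the compiler the bytes may
 * be observed afterwards, so the stores must stay. Where the platform
 * offers explicit_bzero() or memset_s(), those serve the same purpose. */
static void secure_zero(void *p, size_t n) {
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* 1 if every byte of buf is zero, else 0 (used to verify clearing). */
int is_all_zero(const uint8_t *buf, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Stand-in for a keyed computation: 32-bit FNV-1a over key then msg.
 * Constructed for this example; it is not a MAC. */
uint32_t mix_with_key(const uint8_t *key, size_t keylen,
                      const uint8_t *msg, size_t msglen) {
    uint32_t h = 0x811c9dc5u;                       /* FNV offset basis */
    for (size_t i = 0; i < keylen; i++) { h ^= key[i]; h *= 16777619u; }
    for (size_t i = 0; i < msglen; i++) { h ^= msg[i]; h *= 16777619u; }
    return h;
}

/* The pattern under discussion: derive a short-lived key on the stack,
 * use it, clear it, return. secure_zero() protects the named buffer only.
 * Any copy the compiler kept in a callee-saved register or a spill slot
 * while evaluating mix_with_key() is out of reach from C; that is the gap
 * a clear-registers-on-return attribute would close. */
uint32_t tag_message(const uint8_t master[16], const uint8_t *msg, size_t msglen) {
    uint8_t derived[16];
    for (size_t i = 0; i < 16; i++)
        derived[i] = master[i] ^ (uint8_t)(0x5b * i);   /* toy derivation */
    uint32_t tag = mix_with_key(derived, sizeof derived, msg, msglen);
    secure_zero(derived, sizeof derived);
    return tag;
}

/* Longer-lived secret in caller-owned storage: clear it explicitly on
 * close, since free() does nothing to the contents. */
typedef struct { uint8_t key[32]; size_t uses; } session_t;

void session_open(session_t *s, const uint8_t key[32]) {
    memcpy(s->key, key, sizeof s->key);
    s->uses = 0;
}

void session_close(session_t *s) {
    secure_zero(s->key, sizeof s->key);
    s->uses = 0;
}

/* Self-checks returning 1 on success, so the behaviour can be asserted. */
int check_secure_zero(void) {
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof buf);
    if (is_all_zero(buf, sizeof buf)) return 0;      /* must not be zero yet */
    secure_zero(buf, sizeof buf);
    return is_all_zero(buf, sizeof buf);
}

int check_session_close(void) {
    uint8_t k[32];
    for (size_t i = 0; i < 32; i++) k[i] = (uint8_t)(i + 1);   /* constructed key */
    session_t s;
    session_open(&s, k);
    if (is_all_zero(s.key, sizeof s.key)) return 0;
    session_close(&s);
    return is_all_zero(s.key, sizeof s.key) && s.uses == 0;
}

int main(void) {
    static const uint8_t master[16] = "0123456789abcdef";   /* constructed */
    static const uint8_t msg[] = "hello";
    uint32_t t = tag_message(master, msg, sizeof msg - 1);
    printf("tag=%08x secure_zero=%d session=%d\n",
           t, check_secure_zero(), check_session_close());
    return 0;
}
```

The barrier form only defends the bytes the program can name. Register and spill-slot residue is decided by the code generator, which is why the thread is about a function attribute rather than a library routine; a reader evaluating such an attribute can check what the compiler actually emits for `tag_message` by inspecting its assembly with and without the attribute.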
