[cfe-dev] Zero'ing Registers on Function Return
Russell Harmon
eatnumber1 at google.com
Sun Sep 14 10:25:20 PDT 2014
Hey David,
I'd love to discuss and/or have a look at your implementation. Szabolcs
brings up some very good points about the difficulty of doing this
correctly. Are you at the point where you're willing to share your work?
Thanks,
Russ Harmon
On Sat Sep 13 2014 at 1:03:01 AM David Chisnall <David.Chisnall at cl.cam.ac.uk> wrote:
> Hi Russell,
>
> I didn't realise that Colin had blogged about it. We've discussed it a
> few times in the past and I have an implementation of it that we are
> evaluating.
>
> David
>
> On 12 Sep 2014, at 03:30, Russell Harmon <eatnumber1 at google.com> wrote:
>
> > I've been thinking about the issues with securely zero'ing buffers that
> > Colin Percival discusses in his blog article, and I think I'd like to take
> > a stab at fixing it in clang. Here's my proposal:
> >
> > Add a function attribute, say __attribute__((clear_regs_on_return))
> > which when a thus annotated function returns will zero all callee owned
> > registers and spill slots. Then, all unused caller owned registers will be
> > immediately cleared by the caller after return.
> >
> > As for why, I'm concerned with the case where a memory disclosure
> > vulnerability exposes all or a portion of sensitive data via either spilled
> > registers or infrequently used registers (xmm). If an attacker is able to
> > analyze a binary for situations wherein sensitive data will be spilled,
> > leveraging a memory disclosure vulnerability it's likely one could craft an
> > exploit that reveals sensitive data.
> >
> > What does the list think?
> > -Russ Harmon
> > _______________________________________________
> > cfe-dev mailing list
> > cfe-dev at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
>
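Added illustration (editor's example, not code from the thread or from the clang implementation under discussion): the source-level clearing that C code can do today, and the gap the proposed attribute targets. The trailing memset() on a dying local is a dead store the optimizer may delete; volatile stores survive. What no C construct can reach is the compiler's own copies of the secret in registers, spill slots and xmm registers, which is exactly what clear_regs_on_return is meant to wipe. keyed_mix is a constructed toy, not a real MAC, and secure_zero is an assumed helper name.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Clear memory without giving the optimizer a chance to drop the stores.
 * A plain memset() on a local that is about to go out of scope is a dead
 * store and may be eliminated; writes through a volatile pointer may not. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Helper for checking that a region really was cleared. */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Constructed toy keyed mixing function (illustration only, not a MAC).
 * The secret key is copied into a local working buffer, which we clear
 * before returning. Note what this does NOT cover: while the loop runs,
 * bytes of `state` and `key` live in registers and may be spilled to
 * stack slots the compiler owns. No C-level clearing reaches those;
 * that is the gap the proposed clear_regs_on_return attribute addresses. */
uint32_t keyed_mix(const uint8_t key[16], const uint8_t *msg, size_t len) {
    uint8_t state[16];
    uint32_t acc = 0x9E3779B9u;

    memcpy(state, key, 16);
    for (size_t i = 0; i < len; i++) {
        state[i % 16] ^= msg[i];
        acc = (acc ^ state[i % 16]) * 0x01000193u;
        acc = (acc << 5) | (acc >> 27);
    }
    for (int i = 0; i < 16; i++) {
        acc = (acc ^ state[i]) * 0x01000193u;
    }

    /* memset(state, 0, sizeof state) here could be optimized away;
     * the volatile stores in secure_zero are retained. */
    secure_zero(state, sizeof state);
    return acc;
}

/* Demonstrates that secure_zero clears a buffer that held key material. */
int clears_key_copy(void) {
    uint8_t copy[16];
    memset(copy, 0xA5, sizeof copy);   /* constructed non-zero secret */
    secure_zero(copy, sizeof copy);
    return is_all_zero(copy, sizeof copy);
}
```

The volatile loop is the portable fallback; where available, memset_s(), explicit_bzero() or SecureZeroMemory() serve the same purpose. None of them touch registers or compiler-generated spill slots, which is why the thread discusses doing it in the code generator.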