[cfe-dev] [EXTERNAL] Re: making -ftrivial-auto-var-init=zero a first-class option

Kees Cook via cfe-dev cfe-dev at lists.llvm.org
Wed Apr 22 13:55:01 PDT 2020


On Wed, Apr 22, 2020 at 01:08:03PM -0700, Richard Smith wrote:
> On Wed, 22 Apr 2020 at 10:49, Joe Bialek <jobialek at microsoft.com> wrote:
> > Also not clear to me what the OS is expected to do with this trap. We have
> > a number of information leak vulnerabilities where force initialization
> > kills the bug silently.
> >
> 
> Do you really mean "kills the bug"? I would certainly believe you have a
> number of information leak vulnerabilities where zero-init fixes the
> *vulnerability* (and we should definitely provide tools to harden programs
> against such vulnerabilities), but the program is still using an
> uninitialized value and still has a bug. The idea that this compiler change
> fixes or removes the bug is precisely the language dialect problem that I'm
> concerned about. Developers must still think that reading an uninitialized
> value is a bug (even if it's not a vulnerability any more) or they're
> writing a program in a language dialect where doing that is not a bug.

Yeah, this is another "different communities mean different things"
terminology glitch. For the security folks, "bug" tends to stand in for
"security bug" or "security flaw". But yes, as you say, the "bug"
(misuse of the C language) is present, but the "security flaw" gets
downgraded to "just a bug" in the zero-init case. :)

-- 
Kees Cook
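Richard's distinction above, as an added example that is not from the thread or from clang itself: a constructed record producer that never assigns one field, exported once unhardened and once with the zeroing that -ftrivial-auto-var-init=zero would insert written out as an explicit memset; the struct, the function names and the layout assumptions are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed record (an assumption for this example): on common ABIs three
 * padding bytes follow 'kind', and the producer below never writes 'reserved'. */
struct record {
    uint8_t  kind;
    uint32_t value;
    uint32_t reserved;
};
/* The program's bug: only the fields the producer knows about get assigned. */
static void fill_record(struct record *r, uint32_t value)
{
    r->kind = 1;
    r->value = value;
}

/* Unhardened: the byte image crossing a trust boundary (think copy_to_user)
 * carries stale stack contents in the padding and in 'reserved'. That is the
 * information leak. Not run by the test: those bytes have no defined value. */
void export_record_unhardened(uint32_t value, uint8_t out[sizeof(struct record)])
{
    struct record r;
    fill_record(&r, value);
    memcpy(out, &r, sizeof r);
}

/* The same code under -ftrivial-auto-var-init=zero, the implicit zeroing written
 * out. The leak is gone; fill_record still never assigns 'reserved', the consumer
 * just sees a deterministic 0 there: the "bug without a vulnerability". */
void export_record_zeroed(uint32_t value, uint8_t out[sizeof(struct record)])
{
    struct record r;
    memset(&r, 0, sizeof r);  /* what the flag inserts for each automatic object */
    fill_record(&r, value);
    memcpy(out, &r, sizeof r);
}

/* Defender's check: nonzero bytes outside the assigned fields mean stale memory
 * reached the output. Returns that count for the hardened export of 'value'. */
size_t stale_bytes_after_zeroing(uint32_t value)
{
    uint8_t out[sizeof(struct record)];
    size_t n = 0, vlo = offsetof(struct record, value), vhi = vlo + sizeof(uint32_t);
    export_record_zeroed(value, out);
    for (size_t i = 0; i < sizeof(struct record); i++)
        if (i != offsetof(struct record, kind) && !(i >= vlo && i < vhi) && out[i])
            n++;
    return n;
}
```

The zeroed export passes the stale-byte check, but nothing in that check would ever notice that 'reserved' is still unassigned; that remains a job for -Wuninitialized or MemorySanitizer on the unhardened build.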
