Newsportal USENET - Re: A Famous Security Bug

Re: A Famous Security Bug

Sujet : Re: A Famous Security Bug
De : david.brown (at) *nospam* hesbynett.no (David Brown)
Groupes : comp.lang.c
Date : 21. Mar 2024, 16:13:54

Autres entêtes

Organisation : A noiseless patient Spider
Message-ID : <uthirj$29aoc$1@dont-email.me>
References : 1 2
User-Agent : Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0

On 20/03/2024 19:54, Kaz Kylheku wrote:

On 2024-03-20, Stefan Ram <ram@zedat.fu-berlin.de> wrote:
   A "famous security bug":
>
void f( void )
{ char buffer[ MAX ];
   /* . . . */
   memset( buffer, 0, sizeof( buffer )); }
>
   . Can you see what the bug is?
I don't know about "the bug", but conditions can be identified under
which that would have a problem executing, like MAX being in excess
of available automatic storage.
If the /*...*/ comment represents the elision of some security sensitive
code, where the memset is intended to obliterate secret information,
of course, that obliteration is not required to work.
After the memset, the buffer has no next use, so the all the assignments
performed by memset to the bytes of buffer are dead assignments that can
be elided.
To securely clear memory, you have to use a function for that purpose
that is not susceptible to optimization.
If you're not doing anything stupid, like link time optimization, an
external function in another translation unit (a function that the
compiler doesn't recognize as being an alias or wrapper for memset)
ought to suffice.

Using LTO is not "stupid". Relying on people /not/ using LTO, or not using other valid optimisations, is "stupid".
/Really/ dealing with this kind of potential data leakage is a multi-faceted problem. Does it matter if you zero out this buffer, if that is just in the cache and the original password data is still in the ram ready to be read with a Rowhammer attack? Or if there is a copy somewhere else in code that used it?
Of course it is important to deal with possible security issues at every practical point, so zeroing out this buffer is part of the solution - as long as no one thinks that using C23's memset_explicit(), or similar functions, are somehow complete fixes.
Calling an external function in another translation unit, however, is not a way to guarantee particular effects. Using volatile accesses is better (if you don't have a suitable function with the right guarantees for your target OS and/or C version). There are also compiler-specific ways, such as adding "__asm__("" : "+m" (buffer));" after the memset.

Les messages affichés proviennent d'usenet.

Date	Sujet	#	Auteur
20 Mar 24	A Famous Security Bug	118	Stefan Ram
20 Mar 24	Re: A Famous Security Bug	108	Kaz Kylheku
20 Mar 24	Re: A Famous Security Bug	2	Keith Thompson
20 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
21 Mar 24	Re: A Famous Security Bug	35	David Brown
21 Mar 24	Re: A Famous Security Bug	34	Kaz Kylheku
21 Mar 24	Re: A Famous Security Bug	4	Chris M. Thomasson
21 Mar 24	Re: A Famous Security Bug	3	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	2	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	1	Chris M. Thomasson
21 Mar 24	Re: A Famous Security Bug	28	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	24	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	19	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	18	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	2	James Kuyper
22 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	David Brown
22 Mar 24	Re: A Famous Security Bug	14	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	13	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	12	David Brown
23 Mar 24	Re: A Famous Security Bug	11	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	2	David Brown
24 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	8	James Kuyper
24 Mar 24	Re: A Famous Security Bug	7	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	6	David Brown
24 Mar 24	Re: A Famous Security Bug	5	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	3	David Brown
27 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
28 Mar 24	Re: A Famous Security Bug	1	David Brown
24 Mar 24	Re: A Famous Security Bug	1	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	3	David Brown
22 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	David Brown
22 Mar 24	Re: A Famous Security Bug	3	James Kuyper
22 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	1	David Brown
21 Mar 24	Re: A Famous Security Bug	70	Anton Shepelev
21 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
21 Mar 24	Re: A Famous Security Bug	15	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	13	David Brown
22 Mar 24	Re: A Famous Security Bug	12	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	10	David Brown
23 Mar 24	Re: A Famous Security Bug	9	Richard Kettlewell
23 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	2	David Brown
23 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	5	Tim Rentsch
24 Mar 24	Re: A Famous Security Bug	4	Malcolm McLean
17 Apr 24	Re: A Famous Security Bug	3	Tim Rentsch
18 Apr 24	Re: A Famous Security Bug	1	David Brown
18 Apr 24	Re: A Famous Security Bug	1	Keith Thompson
28 Mar 24	Re: A Famous Security Bug	1	Anton Shepelev
22 Mar 24	Re: A Famous Security Bug	1	Tim Rentsch
22 Mar 24	Re: A Famous Security Bug	52	James Kuyper
22 Mar 24	Re: A Famous Security Bug	51	bart
23 Mar 24	Re: A Famous Security Bug	5	Keith Thompson
23 Mar 24	Re: A Famous Security Bug	4	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	3	David Brown
23 Mar 24	Re: A Famous Security Bug	2	bart
24 Mar 24	Re: A Famous Security Bug	1	David Brown
23 Mar 24	Re: A Famous Security Bug	45	James Kuyper
23 Mar 24	Re: A Famous Security Bug	44	bart
23 Mar 24	Re: A Famous Security Bug	37	David Brown
23 Mar 24	Re: A Famous Security Bug	36	bart
24 Mar 24	Re: A Famous Security Bug	29	David Brown
24 Mar 24	Re: A Famous Security Bug	28	bart
24 Mar 24	Re: A Famous Security Bug	12	Keith Thompson
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	3	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
25 Mar 24	Re: A Famous Security Bug	7	bart
25 Mar 24	Re: A Famous Security Bug	6	Michael S
25 Mar 24	Re: A Famous Security Bug	4	bart
25 Mar 24	Re: A Famous Security Bug	3	David Brown
25 Mar 24	Re: A Famous Security Bug	2	Malcolm McLean
25 Mar 24	Re: A Famous Security Bug	1	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	15	David Brown
25 Mar 24	Re: A Famous Security Bug	14	Michael S
25 Mar 24	Re: A Famous Security Bug	13	David Brown
25 Mar 24	Re: A Famous Security Bug	3	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	1	bart
25 Mar 24	Re: A Famous Security Bug	9	bart
25 Mar 24	Re: A Famous Security Bug	7	Michael S
25 Mar 24	Re: A Famous Security Bug	6	bart
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	4	Michael S
25 Mar 24	Re: A Famous Security Bug	3	bart
26 Mar 24	Re: A Famous Security Bug	2	Michael S
26 Mar 24	Re: A Famous Security Bug	1	bart
25 Mar 24	Re: A Famous Security Bug	1	David Brown
24 Mar 24	Re: A Famous Security Bug	6	Michael S
24 Mar 24	Re: A Famous Security Bug	5	bart
25 Mar 24	Re: A Famous Security Bug	2	Michael S
25 Mar 24	Re: A Famous Security Bug	1	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
28 Mar 24	Re: A Famous Security Bug	1	James Kuyper
23 Mar 24	Re: A Famous Security Bug	1	Tim Rentsch
24 Mar 24	Re: A Famous Security Bug	1	Michael S
24 Mar 24	Re: A Famous Security Bug	3	Michael S
28 Mar 24	Re: A Famous Security Bug	1	James Kuyper
20 Mar 24	Re: A Famous Security Bug	1	Joerg Mertens
20 Mar 24	Re: A Famous Security Bug	5	Chris M. Thomasson
27 Mar 24	Re: A Famous Security Bug	3	Stefan Ram