From RISKS: secret scrubbing code removed by optimizers

Ben Lindstrom mouring at etoh.eviladmin.org
Fri Nov 8 09:41:56 EST 2002


I know there has been a lot of talk on private OpenBSD lists and it is
being ensured that gcc never removes memset() entries on OpenBSD.

Personally I think if gcc is optimizing it away it is incorrect.  I
believe 3.2+ GCC series supports a flag to leave memsets, but I'm not sure
how usaged 3.2 is.



- Ben

On Fri, 8 Nov 2002, Darren Tucker wrote:

> This showed up in RISKS and no one has mentioned it here yet, so..
>
> OpenSSH contains lots of code like:
>
> char *password = read_passphrase(prompt, 0);
> [do stuff]
> memset(password, 0, strlen(password));
>
> >From http://online.securityfocus.com/archive/82/297827
>
> "clearing sensitive information such as encryption keys from memory may
> not work as expected because an optimising compiler removes the memset()
> if it decides it's redundant."
>
> "When compiled with any level of optimisation using gcc, the key
> clearing call goes away because of dead code elimination."
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list