From RISKS: secret scrubbing code removed by optimizers

Ben Lindstrom mouring at etoh.eviladmin.org
Fri Nov 8 13:00:27 EST 2002



On Thu, 7 Nov 2002, Carson Gaspar wrote:

>
>
> --On Thursday, November 07, 2002 4:41 PM -0600 Ben Lindstrom
> <mouring at etoh.eviladmin.org> wrote:
>
> >
> > I know there has been a lot of talk on private OpenBSD lists and it is
> > being ensured that gcc never removes memset() entries on OpenBSD.
> >
> > Personally I think if gcc is optimizing it away it is incorrect.  I
> > believe 3.2+ GCC series supports a flag to leave memsets, but I'm not sure
> > how usaged 3.2 is.
>
> If you don't want the memset() optimized away, you should declare the
> variable volatile.
>

There has been talked that this my not solve the problem.  The correct
thing is to set a gcc flag telling gcc to leave memset() the heck alone
=-)

- Ben




More information about the openssh-unix-dev mailing list