From RISKS: secret scrubbing code removed by optimizers
Ben Lindstrom
mouring at etoh.eviladmin.org
Fri Nov 8 13:00:27 EST 2002
On Thu, 7 Nov 2002, Carson Gaspar wrote:
>
>
> --On Thursday, November 07, 2002 4:41 PM -0600 Ben Lindstrom
> <mouring at etoh.eviladmin.org> wrote:
>
> >
> > I know there has been a lot of talk on private OpenBSD lists and it is
> > being ensured that gcc never removes memset() entries on OpenBSD.
> >
> > Personally I think if gcc is optimizing it away it is incorrect. I
> > believe 3.2+ GCC series supports a flag to leave memsets, but I'm not sure
> > how usaged 3.2 is.
>
> If you don't want the memset() optimized away, you should declare the
> variable volatile.
>
There has been talked that this my not solve the problem. The correct
thing is to set a gcc flag telling gcc to leave memset() the heck alone
=-)
- Ben
More information about the openssh-unix-dev
mailing list