Bugtraq mailing list archives
RE: When scrubbing secrets in memory doesn't work
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Thu, 14 Nov 2002 02:44:58 -0800
> From: Jan Echternach [mailto:jan () goneko de]
> Sent: Monday, November 11, 2002 11:47 AM
>
> On Fri, Nov 08, 2002 at 05:23:34PM +0100, Michael Zimmermann wrote:
> > Not to declare the intermediate storage for sensitive data as 'volatile' is a coding flaw. An easily overlooked one, yes, but nevertheless... Like forgetting to protect critical code with semaphores.
>
> 'volatile' isn't sufficient to be safe. In fact, there's no way to be sure that some C code doesn't leave copies of sensitive data around, because there's nothing in the C standard that forbids the compiler to keep copies of data.

True, and an important point, but a separate problem from the original one (memset being eliminated by dead store optimization). The problem you describe here (and its variants, such as sensitive data remaining in persistent storage, e.g. a swap partition) is entirely outside the scope of the C standard. So, for that matter, is the obvious race between using and "scrubbing" the sensitive data.

Scrubbing is clearly no more than a best-effort attempt to make it more difficult to retrieve sensitive data from memory. I think it's of dubious value, frankly, and this thread has probably prompted more discussion than it warrants. There is a portable way to prevent the dead-store-elimination problem, but that's only one of scrubbing's many failings.

Michael Wojcik
Principal Software Systems Developer, Micro Focus
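
An added example, not code from this post or from anyone in the thread: the memset dead-store pattern discussed above, next to one widely used workaround that calls memset through a volatile function pointer. The post does not say which portable method it has in mind, so that choice is an assumption, and the function names and sample secret are constructed. It addresses only dead-store elimination, not copies left in registers or swap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pointer object itself is volatile: the compiler must load it at run
 * time and cannot assume the callee is memset, so the call cannot be
 * removed as a dead store. (Assumed workaround, not named in the post.) */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void secure_scrub(void *p, size_t n)
{
    if (p != NULL && n != 0)
        memset_v(p, 0, n);
}

/* Constructed sample secret standing in for a real key or password. */
static void load_secret(char *dst, size_t n)
{
    strncpy(dst, "constructed-sample-key", n - 1);
    dst[n - 1] = '\0';
}

/* Weak form: 'secret' is never read after the memset, so an optimizing
 * compiler is allowed to delete the call and leave the bytes on the stack. */
int check_weak(const char *guess)
{
    char secret[32];
    load_secret(secret, sizeof secret);
    int ok = strcmp(guess, secret) == 0; /* not constant-time; demo only */
    memset(secret, 0, sizeof secret);    /* dead store: may be eliminated */
    return ok;
}

/* Same logic, but the scrub goes through the volatile function pointer. */
int check_scrubbed(const char *guess)
{
    char secret[32];
    load_secret(secret, sizeof secret);
    int ok = strcmp(guess, secret) == 0;
    secure_scrub(secret, sizeof secret);
    return ok;
}

int main(void)
{
    printf("weak=%d scrubbed=%d\n", check_weak("constructed-sample-key"),
           check_scrubbed("constructed-sample-key"));
    return 0;
}
```

Both functions return the same result; the difference is only visible in the generated code, so compare the optimized assembly (for example at `-O2`) to see whether the plain memset call survived.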