Date:      Thu, 10 Apr 2014 15:39:51 +0200
From:      Ondra Knezour <knezour@weboutsourcing.cz>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>, freebsd-security@freebsd.org
Subject:   Re: Heartbleed, a few naive questions
Message-ID:  <53469F27.90509@weboutsourcing.cz>
In-Reply-To: <42638.1397124000@server1.tristatelogic.com>
References:  <42638.1397124000@server1.tristatelogic.com>

Dne 10.4.2014 12:00, Ronald F. Guilmette napsal(a):
> Rather, I was asking, albeit indirectly, whether a program or
> library, such as OpenSSL, which is primarily a security-focused
> tool, and upon which a significant fraction of online humanity
> depends for its security, is deserving of a "belt and suspenders"
> style of defensive programming.
> [..]
> (And by the way, it would not be a terribly difficult thing to add to
> any C compiler a new option that, when used during compilation of
> select "mission critical" security software, would have the effect of
> generating code for each function that completely zeros at least the
> statically-sized part of the new stack frame upon entry to the
> function, or conversely would generate code which would zero the
> current frame just before function exit.  Such an option might be
> useful when compiling critical security code, such as the OpenSSL
> library, and if it had been available and used in conjunction with
> allocation of the problematic buffer on the stack, as I suggested, I
> believe that those steps, taken together would have eliminated even
> the possibility of leakage of server-specific secrets.

You can have all those safety nets in the code, functions, compilers, 
but there will be a day when some creative person will do some creative 
"optimization" in the name of speed, efficiency, whatever. The compiler 
forces zeroing of a buffer on allocation if the size of the buffer is 
known at compile time? Let it be size_of int + size_of 
last_tcp_fragment, yeah, we got them.

The following thread comes to my mind all the time while reading your message: 
http://www.mail-archive.com/misc@openbsd.org/msg128161.html (I don't 
know which platforms are referred to as slow, but it would be funny if we 
are talking about an architecture of which the last machine standing was just 
moved into a museum, between the computing and paleolithic departments.)
-- 
Ondra
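As an added illustration of the "creative optimization" point above (example code, not from this thread or from OpenSSL): a plain memset used to wipe a secret before a function returns is a dead store that an optimizer may legally remove, while a store through a volatile pointer, or explicit_bzero(3) as shipped by FreeBSD and OpenBSD, is kept. The function names and the 0x41 fill pattern are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Naive wipe: a memset on a buffer that is never read again is a dead
 * store, so an optimizer may legally drop it. Whether it did can only
 * be seen in the object code (e.g. `cc -O2 -S`), not from this
 * program's own reads: a later read makes the store live again. */
static void wipe_naive(unsigned char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Wipe through a volatile lvalue: each store is an observable side
 * effect the compiler must keep. explicit_bzero(3) on the BSDs and
 * glibc, or C11 memset_s, give the same guarantee. */
static void wipe_volatile(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Count bytes still non-zero, so a wipe can be checked. */
static size_t nonzero_bytes(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Fill buf with constructed "key material", wipe it with the chosen
 * routine, and report how many bytes survived the wipe. */
static size_t bytes_left_after_wipe(unsigned char *buf, size_t len,
                                    int use_volatile)
{
    memset(buf, 0x41, len);         /* constructed secret, not real */
    if (use_volatile)
        wipe_volatile(buf, len);
    else
        wipe_naive(buf, len);
    return nonzero_bytes(buf, len); /* this read keeps either wipe live */
}

int main(void)
{
    unsigned char key[32];
    printf("bytes left: %zu\n", bytes_left_after_wipe(key, sizeof key, 1));
    return 0;
}
```

The frame-zeroing-on-entry option the quoted message asks for now exists as -ftrivial-auto-var-init=zero in Clang and GCC 12; it covers uninitialised reads, not the dead-store removal shown here, so a guaranteed wipe is still needed alongside it.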