Vuln Dev
Software leaves encryption keys, passwords lying around in memory Oct 30 2002 04:11PM
pgut001 cs auckland ac nz (Peter Gutmann) (3 replies)
Re: Software leaves encryption keys, passwords lying around in memory Oct 31 2002 04:56PM
Frank Knobbe (fknobbe knobbeits com)
On Wed, 2002-10-30 at 10:11, Peter Gutmann wrote:
> When compiled with any level of optimisation using gcc, the key clearing call
> goes away because of dead code elimination (see the MSDN article for more
> details on this, which uses VC++ to get the same effect). While you can
> kludge enough stuff around a custom memory-clear call to fool the optimiser
> (hacks with 'volatile', touching the memory after it's cleared and hoping the
> optimiser is fooled, etc etc) there's no guarantee that it'll work for
> anything but the compiler(s) you happen to test it with - any future
> enhancement to the optimiser may turn it back into a nop. What it really
> needs is the addition of a #pragma dont_remove_this_code_you_bastard in the
> compiler. Until then, a lot of security code will be affected by this
> problem.

The off-list discussion about band-aids was fun. Regarding the pragma,
it does exist for VC++.

#pragma optimize( "", off )

Turns off all optimization.

#pragma optimize( "", on )

Restores the optimization settings to the original values.

I haven't looked at gcc yet, but even if it had such a #pragma, there is
always the issue of developer education. But this is what your post was
about I believe...

Regards,
Frank

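The dead-store problem and the 'volatile' workaround discussed in this thread, shown as an added example that is not part of any poster's message. The names `toy_derive`, `toy_use`, `secure_zero`, `use_key_naive`, `use_key_hardened` and the sample passphrase are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a real KDF: fills key from the passphrase. */
static void toy_derive(unsigned char *key, size_t len, const char *pass) {
    size_t n = strlen(pass);
    for (size_t i = 0; i < len; i++)
        key[i] = (unsigned char)((n ? pass[i % n] : 0) ^ (0x5a + i));
}

/* Constructed stand-in for "use the key": returns a checksum of it. */
static unsigned toy_use(const unsigned char *key, size_t len) {
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++) sum = sum * 31u + key[i];
    return sum;
}

/* Before: the memset is the last access to a local that is about to die,
   so an optimiser may delete it as a dead store. */
unsigned use_key_naive(const char *pass) {
    unsigned char key[32];
    toy_derive(key, sizeof key, pass);
    unsigned r = toy_use(key, sizeof key);
    memset(key, 0, sizeof key);
    return r;
}

/* After: the 'volatile' workaround from the quoted post. Each store goes
   through a volatile lvalue; as the post says, verify per compiler. */
void secure_zero(void *p, size_t len) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--) *vp++ = 0;
}

unsigned use_key_hardened(const char *pass) {
    unsigned char key[32];
    toy_derive(key, sizeof key, pass);
    unsigned r = toy_use(key, sizeof key);
    secure_zero(key, sizeof key);
    return r;
}

int main(void) {
    unsigned char buf[32];
    toy_derive(buf, sizeof buf, "constructed passphrase");
    secure_zero(buf, sizeof buf);
    printf("naive=%u hardened=%u buf[0]=%u\n", use_key_naive("x"), use_key_hardened("x"), buf[0]);
    return 0;
}
```

To check a given compiler, build at the optimisation level used for release and compare the disassembly of the two `use_key_*` functions for the presence of the clearing stores. Where the platform provides a dedicated primitive (SecureZeroMemory on Windows, explicit_bzero on glibc and the BSDs, the optional C11 memset_s), it serves the same purpose as `secure_zero`.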
Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 06:00PM
Dan Kaminsky (dan doxpara com) (1 replies)
RE: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 07:39PM
Dom De Vitto (dom DeVitto com) (1 replies)
Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 09:22PM
Dan Kaminsky (dan doxpara com) (1 replies)
Re: Software leaves encryption keys, passwords lying around in memory Oct 31 2002 01:46AM
Pavel Kankovsky (peak argo troja mff cuni cz)
Copyright 2009, SecurityFocus