Re: Zero it if you're going to copy it out.

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: Zero it if you're going to copy it out.
From: Cherry G. Mathew <cherry%zyx.in@localhost>
Date: Mon, 25 Jun 2012 19:56:26 +0530

>>>>> "Thor" == Thor Lancelot Simon <tls%panix.com@localhost> writes:

    Thor> On Mon, Jun 25, 2012 at 02:16:33PM +0100, Roger Pau Monne wrote:
    >> 
    >> Yes, it doesn't hurt to zero memory if returning it to the
    >> user. Who knows what might be there previously.

    Thor> I'm sorry, I can't let this go.

Cheers Thor, it's easy to lose sight of how easily kernel holes can be
introduced.

    Thor> This is not a case of "it doesn't hurt" -- it's a case of
    Thor> "it's absolutely necessary".  It is completely unacceptable to
    Thor> leak the contents of kernel memory to the user!

I think Roger's point is that only the bits that are overwritten from
userland are written back to userland - but to be fair to him, he didn't
introduce this - the original code made the same omission. However I
agree, the memory needs to be zeroed as a matter of best practice in
this case and *ALWAYS* in the general case.

Cheers,
-- 
Cherry

References:
- Zero it if you're going to copy it out.
  - From: Thor Lancelot Simon

Prev by Date: Zero it if you're going to copy it out.
Next by Date: crypto_memset (was: Re: Zero it if you're going to copy it out.)
Previous by Thread: Zero it if you're going to copy it out.
Next by Thread: crypto_memset (was: Re: Zero it if you're going to copy it out.)
Indexes:

Home | Main Index | Thread Index | Old Index