GitHub (Jan 09 2020 at 11:59): GitHub (Jan 09 2020 at 11:59):bjorn3 opened Issue #1327:
- What is the feature or code improvement you would like to do in Cranelift? All stack memory and all registers should be clearable when requested by the user of Cranelift.
- What is the value of adding this in Cranelift? This is very useful for cryptographic libraries, where any possible secret leak is one too much.
Do you have an implementation plan, and/or ideas for data structures or
algorithms to use? https://internals.rust-lang.org/t/annotations-for-zeroing-the-stack-of-sensitive-functions-which-deal-in-transient-secrets/11588/8Have you considered alternative implementations? If so, how are they better
or worse than your proposal?
GitHub (Jan 16 2020 at 01:30):sunfishcode commented on Issue #1327:
This probably would be pretty straightforward to implement.
That said, it's important to keep in mind the limitations of such a feature. This wouldn't prevent operating systems from paging out stack pages to persistent storage, or from saving register state during a context switch or a system suspend. It wouldn't prevent libcalls that Cranelift makes implicitly to runtime libraries or libc from leaving state in their stack frames. It wouldn't prevent a longjmp from jumping past a stack frame, or pthread_kill from killing a thread before its frames can be cleared. It wouldn't prevent hardware from keeping copies of the old values in physical registers, caches, or other microarchitectural state. And it wouldn't protect from many varieties of side-channel attacks. And there might be other limitations I haven't thought of.
GitHub (Feb 28 2020 at 23:28):alexcrichton transferred Issue #1327:
- What is the feature or code improvement you would like to do in Cranelift? All stack memory and all registers should be clearable when requested by the user of Cranelift.
- What is the value of adding this in Cranelift? This is very useful for cryptographic libraries, where any possible secret leak is one too much.
Do you have an implementation plan, and/or ideas for data structures or
algorithms to use? https://internals.rust-lang.org/t/annotations-for-zeroing-the-stack-of-sensitive-functions-which-deal-in-transient-secrets/11588/8Have you considered alternative implementations? If so, how are they better
or worse than your proposal?
Last updated: Oct 23 2024 at 20:03 UTC