Hello everyone,
attached you will find a new patch which takes Daniel's feedback into
account:
- Replaced random overwrite with secure zeroing using SecureZeroMemory [2]
- Option renamed from --disable-memory-overwrite to --disable-clear-memory
- Define renamed from LIBSSH2_MEMORY_OVERWRITE to LIBSSH2_CLEAR_MEMORY
On 18.05.2014 19:12, Marc Hoersken wrote:
> On 18.05.2014 19:02, Daniel Stenberg wrote:
>> This option only disables the random fill of the free data, it still
>> overwrites memory - only with zeros instead. So it doesn't disable
>> memory overwrite at all.
> You are right, [snip]
>
>> A question though: is there really anyone who suggests that it is
>> safer to fill the data with random data rather than just zeros? I just
>> can't see the point with doing such a slow operation and waste random
>> seed on this.
> I don't have specific expertise in this area, but I think a reason could
> be that a compiler might be tempted to optimize memset(buf, 0, len) out.
>
> Looking at the memory erasure procedure of the Tails operating system
> [1], it seems like overwriting with zeros is enough.
The feature now overwrites the data in internal memory buffers with
zeros using the secure functionality provided by the OS. If this feature
is ever expanded to other backends and of course different operating
systems, such a function would need to be provided and used.
Thanks, Daniel!
Please review the new patch. Any feedback is welcome. I guess the patch
should also include some warning about it only being available for
Windows with WinCNG for now before being merged at the current stage of
the implementation.
Best regards,
Marc
[1] https://tails.boum.org/contribute/design/memory_erasure/
[2] http://msdn.microsoft.com/en-us/library/windows/desktop/aa366877.aspx
Received on 2014-06-19