[PATCH] memset_s() and talloc_set_secure()

Andrew Bartlett abartlet at samba.org
Wed Mar 27 02:51:37 UTC 2019


On Tue, 2019-03-26 at 19:42 -0700, Jeremy Allison wrote:
> On Wed, Mar 27, 2019 at 02:13:17PM +1300, Andrew Bartlett via samba-technical wrote:
> > All I can say is we had an agreed approach, and we have reviewed
> > patches but now we are back in the weeds.
> 
> Well let's get more data first on the costs of the flag
> approach. If it's costly, then refusing it is clear.

OK. 

> If it's cheap, then we should look more carefully
> at the flag approach because Simo's security arguments
> are valid (IMHO).

On that, we should be clear: this, like my talloc magic work, is
hardening, not security.  If we found that memset_s() was actually a
no-op, we would be sad, but wouldn't ship a CVE. 

> Don't want extra complexity we have to pay for if
> it's not going to be used, but marking memory as
> 'sensitive' does seem to be a feature that will get
> used (as we handle security-sensitive data inside
> Samba quite a bit).

Thanks for organising to get some data.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba






