[PATCH] memset_s() and talloc_set_secure()

Jeremy Allison jra at samba.org
Wed Mar 27 15:47:05 UTC 2019


On Wed, Mar 27, 2019 at 11:51:59AM +0100, Andreas Schneider wrote:
> On Wednesday, March 27, 2019 3:42:58 AM CET Jeremy Allison wrote:
> > On Wed, Mar 27, 2019 at 02:13:17PM +1300, Andrew Bartlett via samba-technical wrote:
> > > All I can say is we had an agreed approach, and we have reviewed
> > > patches but now we are back in the weeds.
> > 
> > Well let's get more data first on the costs of the flag
> > approach. If it's costly, then refusing it is clear.
> > 
> > If it's cheap, then we should look more carefully
> > at the flag approach because Simo's security arguments
> > are valid (IMHO).
> > 
> > Don't want extra complexity we have to pay for if
> > it's not going to be used, but marking memory as
> > 'sensitive' does seem to be a feature that will get
> > used (as we handle security-sensitive data inside
> > Samba quite a bit).
> 
> Just to be clear and to avoid double work, you will work on the performance 
> test?

Not immediately. I have some ideas on how it needs
doing, but I'm not going to be able to get to this
soon.

> I've extended the talloc_realloc() tests in my branch to prove that increasing 
> and decreasing the memory correctly call memset_s() and also that 
> talloc_realloc(0) frees the memory and zeros it.

Sure, correctness isn't the issue (although I'm
glad it works), performance is.


