[PATCH] memset_s() and talloc_set_secure()
Andrew Bartlett
abartlet at samba.org
Wed Mar 27 02:51:37 UTC 2019
On Tue, 2019-03-26 at 19:42 -0700, Jeremy Allison wrote:
> On Wed, Mar 27, 2019 at 02:13:17PM +1300, Andrew Bartlett via samba-technical wrote:
> > All I can say is we had an agreed approach, and we have reviewed
> > patches but now we are back in the weeds.
>
> Well let's get more data first on the costs of the flag
> approach. If it's costly, then refusing it is clear.

OK.

> If it's cheap, then we should look more carefully
> at the flag approach because Simo's security arguments
> are valid (IMHO).

On that, we should be clear: this, like my talloc magic work, is
hardening, not security. If we found that memset_s() was actually a
no-op, we would be sad, but wouldn't ship a CVE.

> Don't want extra complexity we have to pay for if
> it's not going to be used, but marking memory as
> 'sensitive' does seem to be a feature that will get
> used (as we handle security-sensitive data inside
> Samba quite a bit).

Thanks for organising to get some data.

Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba