1

In this 35C3 talk, it is said that while it is possible to manually inspect whether a package optimizes away memset() that clears sensitive memory, doing it automatically would be challenging. Assuming that the binary is compiled with -ggdb which IIRC contains source-to-binary mapping, what makes such detection difficult?

d33tah
  • 6,524
  • 8
  • 38
  • 60
  • 1
    Have you tried contacting the author of the talk? If the talk is unclear, that would be the person to ask. Also, why would your assumption necessarily be true? – Eric Lippert Jan 02 '19 at 19:31
  • @EricLippert it's not necessarily true - which is why I'm asking about it. – d33tah Jan 02 '19 at 19:39
  • 1
    What I'm getting at is that your assumption makes it sound like the question is "if we assume that detecting this is easy, what makes it hard?" Nothing; we've assumed that it's easy. I don't understand why you've made the assumption. – Eric Lippert Jan 02 '19 at 19:41

0 Answers0