In this 35C3 talk, it is said that while it is possible to manually inspect whether a package optimizes away memset()
that clears sensitive memory, doing it automatically would be challenging. Assuming that the binary is compiled with -ggdb
which IIRC contains source-to-binary mapping, what makes such detection difficult?
Asked
Active
Viewed 91 times
1
d33tah
- 6,524
- 8
- 38
- 60
-
1Have you tried contacting the author of the talk? If the talk is unclear, that would be the person to ask. Also, why would your assumption necessarily be true? – Eric Lippert Jan 02 '19 at 19:31
-
@EricLippert it's not necessarily true - which is why I'm asking about it. – d33tah Jan 02 '19 at 19:39
-
1What I'm getting at is that your assumption makes it sound like the question is "if we assume that detecting this is easy, what makes it hard?" Nothing; we've assumed that it's easy. I don't understand why you've made the assumption. – Eric Lippert Jan 02 '19 at 19:41