https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69976
--- Comment #7 from David Malcolm <dmalcolm at gcc dot gnu.org> --- (In reply to Jakub Jelinek from comment #6) > But even if you clear the sensitive data from the stack array, it might > still live in the registers from which you stored the sensitive data into > that array etc. I think per-function is better here over per-data. True. My thinking is that the user marks the type as security sensitive, and then any function containing locals of that type is automatically flagged for special cleanup. But maybe that's not enough fine-grained control? By having the user mark the data itself, we could potentially check more things e.g. issue errors/warnings if the data gets passed to anything other than a whitelist of functions, maybe.
