On Mon, Mar 4, 2019 at 11:44 AM P J P <p...@fedoraproject.org> wrote: > > On Tuesday, 19 February, 2019, 3:55:35 PM IST, P J P <p...@fedoraproject.org> > wrote: > > > >Hello, > > > > -> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87210 > > > >This RFE is about providing gcc option(s) to eliminate information leakage > >issues from programs. Information leakage via uninitialised memory has been > >a chronic/recurring issue across all software. They are found quite often > >and may lead to severe effects if found in system software/kernel, OR an > >application which handles sensitive information. > > > >Various projects/efforts are underway to keep such information exposure > >from happening > > > >* STACKLEAK - http://lkml.iu.edu/hypermail/linux/kernel/1810.3/00522.html > >* KLEAK - https://netbsd.org/gallery/presentations/maxv/kleak.pdf > >* https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf > > > >But these are still external corrections to improve specific project and/or > >software. It does not help to fix/eliminate all information leakage issues. > >Automatic memory initialisation: > > > >* https://lists.llvm.org/pipermail/cfe-dev/2018-November/060172.html > >* https://reviews.llvm.org/D54604 > > > >It'd be immensely helpful and welcome if gcc(1) could provide compile/build > >time options to enable/disable - automatic memory initialisation. > > > >Could we please consider it as more viable/useful option? > > Ping...!
Patches welcome(?) Richard. > --- > -P J P > http://feedmug.com
