snmalloc

Introduce a new compilation option to zero inline metadata pointers

Open rmn30 opened this issue 3 years ago • 2 comments

in allocations before returning to user. This is important on CHERI to avoid leaking capabilities and may also reduce the attack surface on other architectures. This includes:

- Freelist pointers.
- RBTree metadata used by smallbuddyallocator.

rmn30, May 19 '22 14:05
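An added illustration of the proposal above, not code from snmalloc or from anyone in this thread: a toy free-list pool (all names hypothetical) whose `zero_inline_metadata` flag stands in for the proposed compile-time option. It shows what a client can read from the first word of a fresh allocation when the inline next pointer is left in place and when it is cleared.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Toy single-size-class pool (hypothetical, not snmalloc code). A free object
// keeps the free-list "next" pointer inline, in its own first word.
constexpr std::size_t kObjSize = 32, kObjCount = 4;

struct ToyPool {
  alignas(16) unsigned char slab[kObjSize * kObjCount];
  void* head = nullptr;
  bool zero_inline_metadata; // assumption: models the proposed build option

  explicit ToyPool(bool zero) : zero_inline_metadata(zero) {
    // Thread every object onto the free list; slab[0] ends up at the head.
    for (std::size_t i = kObjCount; i-- > 0;) push(slab + i * kObjSize);
  }

  void push(void* obj) {
    std::memcpy(obj, &head, sizeof head); // write inline metadata into the object
    head = obj;
  }

  void* alloc() {
    void* obj = head;
    if (obj == nullptr) return nullptr;
    std::memcpy(&head, obj, sizeof head); // pop: follow the inline next pointer
    if (zero_inline_metadata)
      std::memset(obj, 0, sizeof head);   // clear it before the client sees it
    return obj;
  }

  void dealloc(void* obj) { push(obj); }
};

// The first word of a fresh allocation, exactly as the client would read it.
std::uintptr_t first_word_of_fresh_alloc(ToyPool& pool) {
  std::uintptr_t word = 0;
  std::memcpy(&word, pool.alloc(), sizeof word);
  return word;
}

int main() {
  ToyPool leaky(false), hardened(true);
  std::printf("metadata left in place: %#llx\n",
              (unsigned long long)first_word_of_fresh_alloc(leaky));
  std::printf("metadata zeroed:        %#llx\n",
              (unsigned long long)first_word_of_fresh_alloc(hardened));
}
```

In the unzeroed case the value read back is the address of the next free object inside the allocator's slab, which is the kind of pointer (a capability, on CHERI) the issue wants kept away from the client.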

> I am not sure which provides more security.

I'm not sure either. InitAll concluded that zero was the best value for uninitialised memory and I previously handwaved about avoiding leaking secrets, so happy to enable for CHECK_CLIENT case if you want.

Then again I thought the aim was to decompose the CHECK_CLIENT ifdef into more granular ones.

rmn30, May 19 '22 15:05

> > I am not sure which provides more security.
>
> I'm not sure either. InitAll concluded that zero was the best value for uninitialised memory and I previously handwaved about avoiding leaking secrets, so happy to enable for CHECK_CLIENT case if you want.
>
> Then again I thought the aim was to decompose the CHECK_CLIENT ifdef into more granular ones.

Mostly I was observing the change in defaults. Leave as is for now, I think we will need to think a bit about how to correctly decompose and configure the choices.

mjp41, May 19 '22 19:05

This has been done in other PRs now.

mjp41, Mar 23 '23 14:03