llsoftsec/llsoftsecbook

Write section on securely clearing memory in C/C++ and undefined behaviour.

Closed this issue · 7 comments

See TODO in book.

kbeyls commented

The upcoming Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs publication at USENIX'32, first author @H0w1, presents an analysis of how optimizing compilers can generate security vulnerabilities in binary code where that security vulnerability is not present in the source code.
At first sight, it seems that a summary of the insights in that paper could be a good section for the book.

Securely clearing memory is just one of the types of issues of a more general class of so-called Compiler-Introduced Security Bugs (CISB).

Hi,

Also the examples in Undefined Behavior: What Happened to My Code? would make very good candidates for a section about the security vulnerabilities introduced by compiler optimizations.

kbeyls commented

> Hi,
>
> Also the examples in Undefined Behavior: What Happened to My Code? would make very good candidates for a section about the security vulnerabilities introduced by compiler optimizations.

Thank you very much for sharing that paper @lucic71 ! It does look like the examples in that paper are good candidates indeed to describe in such a section in the book.

@all-contributors please add @lucic71 for bugs, ideas

@kbeyls

I've put up a pull request to add @candidates! 🎉

I couldn't determine any contributions to add, did you specify any contributions?
Please make sure to use valid contribution names.

I've put up a pull request to add @lucic71! 🎉

@kbeyls I have some drafts for a section covering the security vulnerabilities introduced by compilers; I will open a PR in the following days with that, if that's ok with you.

kbeyls commented

> @kbeyls I have some drafts for a section covering the security vulnerabilities introduced by compilers; I will open a PR in the following days with that, if that's ok with you.

That is absolutely awesome! I am looking forward to the PR!

kbeyls commented

I believe this issue has been fixed by #200.
There is probably more that could and should be written about how undefined behavior results in compiler-introduced security vulnerabilities, but that can be tracked under a separate issue.