Erasing sensitive information from memory

After reading this question I'm curious how one would do this in C. When receiving the information from another program, we probably have to assume that the memory is writable.

I have found this stating that a regular memset may be optimized out and this comment stating that memsets are the wrong way to do it.

The example you have provided is not quite valid: the compiler can optimize out a variable setting operation when it can detect that there are no side effects and the value is no longer used.

So, if your code uses some shared buffer, accessible from multiple locations, the memset would work fine. Almost.

Different processors use different caching policies, so you might have to use memory barriers to ensure the data (zeros) have reached the memory chip from the cache.

So, if you are not worried about hardware level details, making sure the compiler can't optimize out the operation is sufficient. For example, memsetting a block before releasing it would be executed.

If you want to ensure the data is removed from all hardware items, you need to check how the data caching is implemented on your platform and use appropriate code to force cache flush, which can be non-trivial on a multi-core machine.
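
An added example, not part of the original question or answer: one common way to keep the compiler from discarding the wipe is to write the zeros through a `volatile`-qualified pointer and follow them with a compiler barrier. The names `secure_wipe`, `is_all_zero` and `use_secret_then_release` and the sample secret are constructed for illustration; the barrier uses GCC/Clang inline assembly and addresses only compiler optimization, not the hardware cache behaviour mentioned above.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes at p through a volatile-qualified pointer, so that each
 * store counts as a side effect and is not dropped as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler-level barrier only: memory is treated as read and written
     * here. This is not a hardware memory barrier or a cache flush. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Returns 1 if every byte in the buffer is zero, 0 otherwise. */
static int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Constructed scenario: hold a secret in a heap buffer, then wipe it
 * before free(). Returns 0 if the buffer was zeroed, -1 otherwise. */
static int use_secret_then_release(const char *secret)
{
    size_t len = strlen(secret) + 1;
    char *buf = malloc(len);
    if (buf == NULL)
        return -1;
    memcpy(buf, secret, len);
    /* ... work with the secret in buf here ... */
    secure_wipe(buf, len);
    int wiped = is_all_zero(buf, len);
    free(buf);
    return wiped ? 0 : -1;
}

int main(void)
{
    return use_secret_then_release("constructed-sample-secret");
}
```

Where the platform provides them, `explicit_bzero` (glibc, BSDs) or the optional C11 Annex K `memset_s` serve the same purpose.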
