Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Thu Oct 31 2002 - 10:56:33 CST
On Wed, 2002-10-30 at 10:11, Peter Gutmann wrote:
> When compiled with any level of optimisation using gcc, the key clearing call
> goes away because of dead code elimination (see the MSDN article for more
> details on this, which uses VC++ to get the same effect). While you can
> kludge enough stuff around a custom memory-clear call to fool the optimiser
> (hacks with 'volatile', touching the memory after it's cleared and hoping the
> optimiser is fooled, etc etc) there's no guarantee that it'll work for
> anything but the compiler(s) you happen to test it with - any future
> enhancement to the optimiser may turn it back into a nop. What it really
> needs is the addition of a #pragma dont_remove_this_code_you_bastard in the
> compiler. Until then, a lot of security code will be affected by this
The off-list discussion about band-aids was fun. Regarding the pragma,
it does exist for VC++.
#pragma optimize( "", off )
Turns off all optimization.
#pragma optimize( "", on )
Restores the optimization settings to the original values.
I haven't looked at gcc yet, but even if it had such a #pragma, there is
always the issue of developer education. But this is what your post was
about I believe...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----