summaryrefslogtreecommitdiffstats
path: root/man3/bzero.3
diff options
context:
space:
mode:
Diffstat (limited to 'man3/bzero.3')
-rw-r--r--man3/bzero.3158
1 files changed, 0 insertions, 158 deletions
diff --git a/man3/bzero.3 b/man3/bzero.3
deleted file mode 100644
index 59b30ab..0000000
--- a/man3/bzero.3
+++ /dev/null
@@ -1,158 +0,0 @@
-'\" t
-.\" Copyright (C) 2017 Michael Kerrisk <mtk.manpages@gmail.com>
-.\"
-.\" SPDX-License-Identifier: Linux-man-pages-copyleft
-.\"
-.TH bzero 3 2023-10-31 "Linux man-pages 6.7"
-.SH NAME
-bzero, explicit_bzero \- zero a byte string
-.SH LIBRARY
-Standard C library
-.RI ( libc ", " \-lc )
-.SH SYNOPSIS
-.nf
-.B #include <strings.h>
-.P
-.BI "void bzero(void " s [. n "], size_t " n );
-.P
-.B #include <string.h>
-.P
-.BI "void explicit_bzero(void " s [. n "], size_t " n );
-.fi
-.SH DESCRIPTION
-The
-.BR bzero ()
-function erases the data in the
-.I n
-bytes of the memory starting at the location pointed to by
-.IR s ,
-by writing zeros (bytes containing \[aq]\e0\[aq]) to that area.
-.P
-The
-.BR explicit_bzero ()
-function performs the same task as
-.BR bzero ().
-It differs from
-.BR bzero ()
-in that it guarantees that compiler optimizations will not remove the
-erase operation if the compiler deduces that the operation is "unnecessary".
-.SH RETURN VALUE
-None.
-.SH ATTRIBUTES
-For an explanation of the terms used in this section, see
-.BR attributes (7).
-.TS
-allbox;
-lbx lb lb
-l l l.
-Interface Attribute Value
-T{
-.na
-.nh
-.BR bzero (),
-.BR explicit_bzero ()
-T} Thread safety MT-Safe
-.TE
-.SH STANDARDS
-None.
-.SH HISTORY
-.TP
-.BR explicit_bzero ()
-glibc 2.25.
-.IP
-The
-.BR explicit_bzero ()
-function is a nonstandard extension that is also present on some of the BSDs.
-Some other implementations have a similar function, such as
-.BR memset_explicit ()
-or
-.BR memset_s ().
-.TP
-.BR bzero ()
-4.3BSD.
-.IP
-Marked as LEGACY in POSIX.1-2001.
-Removed in POSIX.1-2008.
-.SH NOTES
-The
-.BR explicit_bzero ()
-function addresses a problem that security-conscious applications
-may run into when using
-.BR bzero ():
-if the compiler can deduce that the location to be zeroed will
-never again be touched by a
-.I correct
-program, then it may remove the
-.BR bzero ()
-call altogether.
-This is a problem if the intent of the
-.BR bzero ()
-call was to erase sensitive data (e.g., passwords)
-to prevent the possibility that the data was leaked
-by an incorrect or compromised program.
-Calls to
-.BR explicit_bzero ()
-are never optimized away by the compiler.
-.P
-The
-.BR explicit_bzero ()
-function does not solve all problems associated with erasing sensitive data:
-.IP \[bu] 3
-The
-.BR explicit_bzero ()
-function does
-.I not
-guarantee that sensitive data is completely erased from memory.
-(The same is true of
-.BR bzero ().)
-For example, there may be copies of the sensitive data in
-a register and in "scratch" stack areas.
-The
-.BR explicit_bzero ()
-function is not aware of these copies, and can't erase them.
-.IP \[bu]
-In some circumstances,
-.BR explicit_bzero ()
-can
-.I decrease
-security.
-If the compiler determined that the variable containing the
-sensitive data could be optimized to be stored in a register
-(because it is small enough to fit in a register,
-and no operation other than the
-.BR explicit_bzero ()
-call would need to take the address of the variable), then the
-.BR explicit_bzero ()
-call will force the data to be copied from the register
-to a location in RAM that is then immediately erased
-(while the copy in the register remains unaffected).
-The problem here is that data in RAM is more likely to be exposed
-by a bug than data in a register, and thus the
-.BR explicit_bzero ()
-call creates a brief time window where the sensitive data is more
-vulnerable than it would otherwise have been
-if no attempt had been made to erase the data.
-.P
-Note that declaring the sensitive variable with the
-.B volatile
-qualifier does
-.I not
-eliminate the above problems.
-Indeed, it will make them worse, since, for example,
-it may force a variable that would otherwise have been optimized
-into a register to instead be maintained in (more vulnerable)
-RAM for its entire lifetime.
-.P
-Notwithstanding the above details, for security-conscious applications, using
-.BR explicit_bzero ()
-is generally preferable to not using it.
-The developers of
-.BR explicit_bzero ()
-anticipate that future compilers will recognize calls to
-.BR explicit_bzero ()
-and take steps to ensure that all copies of the sensitive data are erased,
-including copies in registers or in "scratch" stack areas.
-.SH SEE ALSO
-.BR bstring (3),
-.BR memset (3),
-.BR swab (3)