Re: using explicit_bzero

On 2019-07-18 00:45, Tom Lane wrote:
> Alvaro Herrera <alvherre@2ndquadrant.com> writes:
>> On 2019-Jul-11, Thomas Munro wrote:
>>> Following a trail of crumbs beginning at OpenSSH's fallback
>>> implementation of this[1], I learned that C11 has standardised
>>> memset_s[2] for this purpose.  Macs have memset_s but no
>>> explicit_bzero.  FreeBSD has both.  I wonder if it'd be better to make
>>> memset_s the function we use in our code, considering its standard
>>> blessing and therefore likelihood of being available on every system
>>> eventually.
> 
>> Sounds like a future-proof way would be to implement memset_s in
>> src/port if absent from the OS (using explicit_bzero and other tricks),
>> and use that.
> 
> +1 for using the C11-standard name, even if that's not anywhere
> in the real world yet.

ISTM that a problem is that you cannot implement a replacement
memset_s() as a wrapper around explicit_bzero(), unless you also want to
implement the bound checking stuff.  (The "s"/safe in this family of
functions refers to the bound checking, not the cannot-be-optimized-away
property.)  The other way around it is easier.

Also, the "s" family of functions appears to be a quagmire of
controversy and incompatibility, so it's perhaps better to stay away
from it for the time being.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services