Hello, -> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87210
This RFE is about providing gcc option(s) to eliminate information leakage issues from programs. Information leakage via uninitialised memory has beena chronic/recurring issue across all software. They are found quite often andmay lead to severe effects if found in system software/kernel, OR an applicationwhich handles sensitive information. Various projects/efforts are underway to keep such information exposurefrom happening * STACKLEAK - http://lkml.iu.edu/hypermail/linux/kernel/1810.3/00522.html * KLEAK - https://netbsd.org/gallery/presentations/maxv/kleak.pdf* https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf But these are still external corrections to improve specific project and/orsoftware. It does not help to fix/eliminate all information leakage issues. Automatic memory initialisation: * https://lists.llvm.org/pipermail/cfe-dev/2018-November/060172.html * https://reviews.llvm.org/D54604 It'd be immensely helpful and welcome if gcc(1) could provide compile/buildtime options to enable/disable - automatic memory initialisation. Could we please consider it as more viable/useful option? Thank you.--- -P J P http://feedmug.com
