Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: runtime: add SecureErase and MarkSecureEraseOnFinalize functionality #44018

Closed
magicalo opened this issue Jan 30, 2021 · 3 comments
Closed

Comments

@magicalo
Copy link

@magicalo magicalo commented Jan 30, 2021

What version of Go are you using (go version)?

$ go version go1.15.6 linux/amd64

Does this issue reproduce with the latest release?

This is not an issue, but instead a feature request.
While I can write my own SecureErase and SecureEraseOnFinalize, it would be fantastic if the runtime had a method to do this. (I could not find a method call that does the SecureErase part, though I can do it with some of the runtime components like KeepAlive or the Finalize component myself.

What is being requested is to build this into the runtime as a feature. Developers than can erase any sensitive data to reduce the window of opportunity for a memory-dump analysis or a HeatBleed style protocol attack. In other words a way to minimize the time in memory that a sensitive piece of information is available.

What operating system and processor architecture are you using (go env)?

Linux

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/./.cache/go-build"
GOENV="/home/./.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/./go/pkg/mod"
GONOPROXY="github..com"
GONOSUMDB="github..com"
GOOS="linux"
GOPATH="/home/./go"
GOPRIVATE="github.com"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/snap/go/6745"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/snap/go/6745/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/./go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build851289857=/tmp/go-build -gno-record-gcc-switches"

What did you do?

This is a feature ask.

What did you expect to see?

I would like a runtime.SecureErase(interface{}) and a runtime.MarkSecureEraseAtFinalize(interface{}) method to ensure zero of memory at explicit call-time or zero of memory before GC.

What did you see instead?

I had to write this myself.

@seankhliao seankhliao changed the title Golang Runtime SecureErase or SecureEraseOnFinalize proposal: runtime: add SecureErase or SecureEraseOnFinalize functionality Jan 30, 2021
@gopherbot gopherbot added this to the Proposal milestone Jan 30, 2021
@ALTree
Copy link
Member

@ALTree ALTree commented Jan 30, 2021

Lengthy discussion about this (including several people even doubting this can actually be implemented in Go) at #21865. I would be tempted to suggest we keep all the discussion in that thread.

@magicalo magicalo changed the title proposal: runtime: add SecureErase or SecureEraseOnFinalize functionality proposal: runtime: add SecureErase and MarkSecureEraseOnFinalize functionality Jan 30, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals Feb 17, 2021
@rsc
Copy link
Contributor

@rsc rsc commented Feb 17, 2021

Closing as duplicate of #21865.

@seankhliao seankhliao closed this Feb 17, 2021
@rsc rsc moved this from Incoming to Declined in Proposals Feb 17, 2021
@rsc
Copy link
Contributor

@rsc rsc commented Feb 17, 2021

No change in consensus, so declined.
— rsc for the proposal review group

Edit: Oops, I need to fix the bot's handling of duplicate issues. Sorry for the confusing message!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Proposals
Declined
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants