Security

Federico Ceratto edited this page Jan 10, 2017 · 3 revisions

Note
This page is a work in progress.

This page documents security aspects of Nim and best practices.

Security features in the language:

  • No pointer arithmetic in safe code (only explicit ptr/cast code can do it)

  • Taint mode: with --taintMode:on, data coming from the outside (readLine, readFile, ...) has the distinct type TaintedString and must be converted explicitly before it can be used as a string; the mode was deprecated in later Nim releases

  • The effect system can be used for security: a proc declares which effects (tags) it may have, and the compiler rejects calls to procs whose effects are not in that list, e.g. any I/O from code that handles secrets

  • Nim attempts to generate C code that does not rely on insecure functions or patterns (e.g. unchecked strcpy)

  • The language encourages immutable (let) and const values

  • Type conversions are checked: a conversion whose value does not fit the target type raises a range error at runtime; only cast reinterprets memory, so unsafe conversions are easy to grep for

  • Low-level memory access allows locking secrets in RAM with mlock and wiping them before the memory is released (TODO: add example)

  • Memory regions TODO
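The effect-system and mlock/wipe items above in working code, as an added example that is not code from this page or from the Nim project: a fixed buffer for key material that is locked in RAM, wiped with explicit_bzero when released, and only handled by procs tagged with a custom effect, so the compiler rejects I/O next to the secret. It assumes Linux with glibc 2.25 or newer (or a BSD libc) for explicit_bzero, and --mm:orc or --mm:arc (the default since Nim 2.0) for the destructor; explicitBzero, SecretEffect, SecretBuf and the -d:leakSecret switch are names chosen for the example.

```nim
## Added example (not code from this wiki page or from the Nim project).
## Assumes Linux/glibc 2.25+ or a BSD libc (explicit_bzero) and --mm:orc/arc.
import std/[os, posix]

# std/posix does not wrap explicit_bzero. Unlike zeroMem/memset, the C
# compiler must not drop it just because the buffer is never read again.
proc explicitBzero(p: pointer, n: csize_t) {.importc: "explicit_bzero", header: "<string.h>".}

type
  # Effect tag for procs that read or write key material.
  SecretEffect* = object of RootEffect

  SecretBuf* = object
    data: ptr UncheckedArray[byte]
    len: int

proc newSecretBuf*(len: int): SecretBuf =
  ## Strings and seqs can be moved when they grow, so a fixed allocation is
  ## used and its pages are excluded from swap. Linux rounds the address down
  ## to a page boundary itself; portable code would allocate page-aligned.
  result.data = cast[ptr UncheckedArray[byte]](allocShared0(len))
  result.len = len
  if mlock(result.data, len) != 0:
    # Usual cause: RLIMIT_MEMLOCK (ulimit -l) is smaller than the buffer.
    deallocShared(result.data)
    result.data = nil
    raiseOSError(osLastError(), "mlock")

proc wipe*(b: var SecretBuf) =
  ## Zero, unlock and free. Idempotent, so explicit and destructor calls mix.
  if b.data != nil:
    explicitBzero(b.data, csize_t(b.len))
    discard munlock(b.data, b.len)
    deallocShared(b.data)
    b.data = nil
    b.len = 0

proc `=destroy`*(b: var SecretBuf) = wipe(b)
# A copy would give two owners of one mlock'ed region, so forbid it.
proc `=copy`*(dst: var SecretBuf, src: SecretBuf) {.error.}

proc load*(b: var SecretBuf, src: openArray[byte]) {.tags: [SecretEffect].} =
  doAssert src.len <= b.len, "secret does not fit the locked buffer"
  for i in 0 ..< src.len:
    b.data[i] = src[i]

proc checksum*(b: SecretBuf): uint32 {.tags: [SecretEffect].} =
  ## Stand-in for the real computation over the key (KDF, MAC, ...); the
  ## point is that only SecretEffect-tagged calls are allowed in here.
  for i in 0 ..< b.len:
    result = (result * 31) + uint32(b.data[i])
  when defined(leakSecret):
    # Compile with -d:leakSecret to watch the effect system reject this
    # line: stdout.write carries WriteIOEffect, which is not in the tag list.
    stdout.write($b.data[0])

when isMainModule:
  var key = newSecretBuf(32)
  key.load([byte 0x01, 0x02, 0x03, 0x04])  # constructed sample, not a real key
  echo "checksum over locked buffer: ", key.checksum()
  key.wipe()  # or let =destroy do it at scope exit
```

Build with nim c -r secretbuf.nim; adding -d:leakSecret makes the build fail with an unlisted-effect error instead of producing a binary that logs the key. Two caveats: mlock keeps the pages out of swap but not out of core dumps or /proc/<pid>/mem (disable dumps with ulimit -c 0 or the equivalent prctl/setrlimit call), and wiping protects against the memory being handed to someone else later, not against a process that can read it while it is live.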

Compiling with GCC on Linux

Nim attempts to generate C code that does not rely on insecure functions or patterns, so some of the options below buy less than they would for a pure C program. They still cover the Nim runtime, any C code pulled in through importc, and how the binary is loaded (PIE, RELRO), so they are worth enabling for anything that handles untrusted input.

All the following options enabled together:

--passC:"-fPIE -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -O1 -fstack-protector-all" --passL:"-fPIE -pie -z relro -z now"

Same entries for nim.cfg:

gcc.options.always = "-w -D_FORTIFY_SOURCE=2 -O1 -Wformat -Wformat-security -fPIE -fstack-protector-all"
gcc.options.linker = "-ldl -fPIE -pie -z relro -z now"

Two things to verify on the final command line (nim c --listCmd prints it): -w inhibits all warnings, so the -Wformat-security warnings are silenced as long as it stays in (Nim's default gcc.options.always carries it to hide warnings in generated code), and gcc honours the last -O level it sees, so an -O1 placed after the -O3 that -d:release adds lowers the optimisation level. _FORTIFY_SOURCE needs some optimisation level, not -O1 in particular.

Stack protector

Place a canary below the return address on function entry and abort before returning if it has been overwritten. -fstack-protector-all instruments every function; -fstack-protector-strong (gcc 4.9 and later) instruments only functions with local arrays or address-taken locals and is the usual trade-off between coverage and cost.

nim c --passC:"-fstack-protector-all"

Protect against overflows of fixed-size buffers

Replace calls to glibc functions such as memcpy, strcpy and sprintf with bounds-checked variants (__memcpy_chk and friends) wherever the destination size is known at compile time. This has no effect without optimisation, hence the -O1.

nim c --passC:"-D_FORTIFY_SOURCE=2 -O1"

Warn on insecure printf usage

Warn when a printf-style format string is not a literal or when the arguments do not match the format, the two patterns behind format-string attacks. These are warnings only, and -w silences them.

nim c --passC:"-Wformat -Wformat-security"

Position independent executable

Build the executable as position-independent code so that ASLR, which the kernel already applies to shared libraries, the stack and the heap, can also randomise the load address of the main program image.

nim c --passC:"-fPIE" --passL:"-fPIE -pie"

Full RELRO

Resolve all dynamic symbols at load time (-z now) and mark the GOT and other relocated data read-only once relocation is done (-z relro), so the GOT can no longer be overwritten to hijack control flow. -z relro on its own gives partial RELRO, which leaves the GOT writable for lazy binding.

nim c --passL:"-z relro -z now"
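A check that the flags above actually reached the binary, as an added example that is not code from this page or from the Nim project. It reads only the ELF header, program headers and dynamic section, which survive strip, and assumes a little-endian ELF64 file (x86_64 or aarch64 Linux); the names checkHardening and Hardening are chosen for the example.

```nim
## Added example (not code from this wiki page or from the Nim project):
## report PIE, RELRO, stack protector and FORTIFY for a Linux ELF64 binary.
import std/[os, strutils]

const
  ET_DYN = 3'u16                 # e_type of PIE executables (and shared objects)
  PT_LOAD = 1'u32
  PT_DYNAMIC = 2'u32
  PT_GNU_RELRO = 0x6474e552'u32  # emitted by -z relro
  DT_NULL = 0'i64
  DT_STRTAB = 5'i64
  DT_STRSZ = 10'i64
  DT_BIND_NOW = 24'i64           # older way of recording -z now
  DT_FLAGS = 30'i64
  DT_FLAGS_1 = 0x6ffffffb'i64
  DF_BIND_NOW = 0x8'i64
  DF_1_NOW = 0x1'i64

type
  Phdr = object
    ptype: uint32
    offset, vaddr, filesz: uint64
  Hardening* = object
    pie*, relro*, bindNow*, stackProtector*, fortify*: bool

proc rd16(d: string, off: int): uint16 =
  uint16(d[off].ord) or (uint16(d[off + 1].ord) shl 8)

proc rd32(d: string, off: int): uint32 =
  for i in 0 .. 3:
    result = result or (uint32(d[off + i].ord) shl (8 * i))

proc rd64(d: string, off: int): uint64 =
  for i in 0 .. 7:
    result = result or (uint64(d[off + i].ord) shl (8 * i))

proc vaddrToOffset(phdrs: seq[Phdr], va: uint64): int =
  ## Dynamic-section pointers are virtual addresses; map them through PT_LOAD.
  for p in phdrs:
    if p.ptype == PT_LOAD and va >= p.vaddr and va < p.vaddr + p.filesz:
      return int(va - p.vaddr + p.offset)
  raise newException(ValueError, "address is not inside any PT_LOAD segment")

proc checkHardening*(data: string): Hardening =
  if data.len < 64 or data[0 .. 3] != "\x7fELF":
    raise newException(ValueError, "not an ELF file")
  if data[4] != '\x02' or data[5] != '\x01':
    raise newException(ValueError, "only little-endian ELF64 is handled here")
  result.pie = rd16(data, 16) == ET_DYN
  let phoff = int(rd64(data, 32))
  let phentsize = int(rd16(data, 54))
  let phnum = int(rd16(data, 56))
  var phdrs: seq[Phdr]
  var dynOff, dynSize = 0
  for i in 0 ..< phnum:
    let base = phoff + i * phentsize
    let p = Phdr(ptype: rd32(data, base), offset: rd64(data, base + 8),
                 vaddr: rd64(data, base + 16), filesz: rd64(data, base + 32))
    phdrs.add p
    if p.ptype == PT_GNU_RELRO: result.relro = true
    if p.ptype == PT_DYNAMIC:
      dynOff = int(p.offset)
      dynSize = int(p.filesz)
  if dynOff == 0:
    return  # statically linked: no dynamic section to inspect
  var strtab, strsz: uint64
  var off = dynOff
  while off + 16 <= dynOff + dynSize:
    let tag = int64(rd64(data, off))
    let val = rd64(data, off + 8)
    if tag == DT_NULL: break
    case tag
    of DT_STRTAB: strtab = val
    of DT_STRSZ: strsz = val
    of DT_BIND_NOW: result.bindNow = true
    of DT_FLAGS:
      if (int64(val) and DF_BIND_NOW) != 0: result.bindNow = true
    of DT_FLAGS_1:
      if (int64(val) and DF_1_NOW) != 0: result.bindNow = true
    else: discard
    off += 16
  if strtab != 0 and strsz != 0:
    let s = vaddrToOffset(phdrs, strtab)
    let names = data[s ..< s + int(strsz)]
    # Canary checks call __stack_chk_fail, and FORTIFY rewrites calls into
    # __memcpy_chk, __printf_chk, ..., so the dynamic string table tells.
    result.stackProtector = "__stack_chk_fail" in names
    result.fortify = "_chk\x00" in names

when isMainModule:
  if paramCount() != 1:
    quit("usage: hardeningcheck <elf-binary>")
  let h = checkHardening(readFile(paramStr(1)))
  let relro = if h.relro and h.bindNow: "full" elif h.relro: "partial" else: "none"
  echo "PIE:             ", h.pie
  echo "RELRO:           ", relro
  echo "stack protector: ", h.stackProtector
  echo "FORTIFY_SOURCE:  ", h.fortify
```

Run it against a build made with the flags above and against a plain nim c build to see the difference. The stack-protector and FORTIFY results are heuristics on imported symbol names: a tiny program with no local arrays and no fortifiable calls can be correctly compiled with both flags and still show false for them, so compare on a realistic binary; readelf -d and readelf -l give the same raw data if you prefer binutils.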