Sanitize memory and CPU registers for sensitive data #17046
As part of exploit mitigation (#15179), it's important to be able to securely wipe sensitive data like cryptographic keys (especially for perfect forward secrecy) as soon as it is no longer needed. This avoids data leaking because of unsafe code with memory leaks (e.g. Heartbleed), arbitrary code execution, suspend to disk, cold boot attacks…
Good article on the subject: http://benpfaff.org/papers/shredding.html/index.html
It would be handy to be able to annotate types (e.g.
Memory exploit mitigations (#15179) aren't really related to this. I don't think there's any additional compiler feature that's necessary.
Rust already has volatile versions of memcpy, memset and memmove.
This isn't something that could be done automatically for types in Rust. The standard library could provide a good module for memory mappings in the future, but that's an independent feature request.
It's not possible to implement this in the Rust compiler. It might be in the scope of the LLVM project, and then it could be exposed here, but I doubt there's enough interest to get it done.
The tools to do this don't exist in LLVM. Rust also leaves far too much up to
You can already implement a destructor zeroing a type, and it could be done via a custom deriving attribute if desired. Implement it as a syntax extension outside of the standard library first, and then file a feature request if it's being used by enough projects to show that it's not a very small niche. It's not going to be anywhere close to a full solution though, because types like
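Added example, not code from this issue or from the Rust project: a destructor-based wipe of the kind the previous comment describes, using the volatile store the standard library provides (`ptr::write_volatile`) plus a compiler fence. `SecretKey` and `wipe` are hypothetical names; the comments note what this does not cover.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite every byte with zero using volatile stores. A plain
/// `memset`-style loop on a buffer that is never read again is a dead
/// store the optimizer may remove; volatile stores are kept.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Stop the compiler from moving later memory operations ahead of the wipe.
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical wrapper for key material: wiped when it goes out of scope.
/// Limits (the "not a full solution" point above): copies made by `clone`,
/// inline arrays moved on the stack, register spills and reallocated heap
/// buffers are not tracked, and swap / hibernation images are untouched.
pub struct SecretKey {
    bytes: Vec<u8>,
}

impl SecretKey {
    pub fn new(bytes: Vec<u8>) -> Self {
        SecretKey { bytes }
    }

    pub fn expose(&self) -> &[u8] {
        &self.bytes
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        // Runs before the Vec's own drop glue frees the allocation,
        // so the heap buffer is zero by the time it returns to the allocator.
        wipe(&mut self.bytes);
    }
}

fn main() {
    // Constructed sample key; `key` is wiped at the end of this scope.
    let key = SecretKey::new(vec![0x42; 32]);
    println!("key in use: {} bytes", key.expose().len());
}
```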
non-bitrotted version of [cfe-dev] archive link: http://lists.llvm.org/pipermail/cfe-dev/2014-September/039044.html