Skip to content

Sanitization 1.0.0-rc.5

Pre-release
Pre-release

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 07 Jun 12:23
· 16 commits to main since this release
v1.0.0-rc.5
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
fbc025f
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

sanitization v1.0.0-rc.5

Release candidate with the latest pentest fixes and documentation updates.

Changes

  • Reinitializes LockedSecretBytes canaries after secure_clear, so canary-checked locked secrets remain reusable after manual clearing.
  • Requires random-canary when using canary-check on WASM, avoiding predictable deterministic canaries on targets without ASLR-backed mapping entropy.
  • Retries Linux AArch64 runtime page-size auxv reads on EINTR.
  • Makes the x86_64 assembly comparison accumulator contract explicit.
  • Updates README, safety notes, and threat model around canary behavior, WASM limitations, and ASLR assumptions.

Verification

  • Full local scripts/checks.sh passed.
  • GitHub CI is green.
  • Pentest follow-up is clean.
Assets 2
Loading
0 Join discussion