Developers should take steps to prevent sensitive information such as passwords, cryptographic keys, and other secrets from being inadvertently leaked. Preventive measures include attempting to keep such data from being written to disk.

Two common mechanisms by which data is inadvertently written to disk are swapping and core dumps.

Many general-purpose operating systems implement a virtual-memory-management technique called paging (also called swapping) to transfer pages between main memory and an auxiliary store, such as a disk drive. This feature is typically implemented as a task running in the kernel of the operating system, and its operation is invisible to the running program.

A core dump is the recorded state of process memory written to disk for later examination by a debugger. Core dumps are typically generated when a program has terminated abnormally, either through an error resulting in a crash or by receiving a signal that causes such a termination.

The POSIX standard system call for controlling resource limits, setrlimit(), can be used to disable the creation of core dumps, which prevents an attacker with the ability to halt the program from gaining access to sensitive data that might be contained in the dump.

...

Processes with elevated privileges can disable paging by locking memory in place using the POSIX mlock() function [Open Group 2004]. Disabling paging ensures that memory is never copied to the hard drive, where it may be retained indefinitely in nonvolatile storage.
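The two POSIX measures described above, setrlimit() for core dumps and mlock() for paging, combined in one added example; this is not code from the original page. The names disable_core_dumps, with_locked_secret, demo_use, and the SECRET_* codes are hypothetical, and the secret is a constructed placeholder.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>

enum { SECRET_OK = 0, SECRET_ALLOC_FAILED = -1, SECRET_LOCK_FAILED = -2 };
typedef int (*secret_fn)(unsigned char *buf, size_t len);  /* hypothetical callback */

/* Zero the soft and hard core limits; an unprivileged process cannot raise them again. */
int disable_core_dumps(void) {
    struct rlimit lim = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(RLIMIT_CORE, &lim);
}

static void wipe(void *p, size_t n) {  /* volatile stores cannot be dropped as dead writes */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Run use() on one page-aligned, locked page; fail closed if locking is refused. */
int with_locked_secret(secret_fn use) {
    long page = sysconf(_SC_PAGESIZE);
    void *buf = NULL;
    if (page <= 0 || posix_memalign(&buf, (size_t)page, (size_t)page) != 0)
        return SECRET_ALLOC_FAILED;
    if (mlock(buf, (size_t)page) != 0) {  /* e.g. RLIMIT_MEMLOCK exceeded */
        free(buf);
        return SECRET_LOCK_FAILED;
    }
    int rc = use(buf, (size_t)page);
    wipe(buf, (size_t)page);              /* wipe while the page is still locked */
    munlock(buf, (size_t)page);
    free(buf);
    return rc;
}

int demo_use(unsigned char *buf, size_t len) {  /* stand-in for reading a real secret */
    const char sample[] = "constructed-sample-secret";
    if (len < sizeof sample) return SECRET_ALLOC_FAILED;
    memcpy(buf, sample, sizeof sample);
    return SECRET_OK;
}

int main(void) {
    if (disable_core_dumps() != 0) return EXIT_FAILURE;
    return with_locked_secret(demo_use) == SECRET_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The buffer is allocated with posix_memalign() because some implementations require the address passed to mlock() to be page-aligned.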

...

Note that locking pages of memory on Windows may fail because the operating system allows the process to lock only a small number of pages. If an application requires additional locked pages, the SetProcessWorkingSetSize() API can be used to increase the application's minimum working set size. Locking pages has severe performance consequences and should be used sparingly.

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM06-C | Medium | Unlikely | High | P2 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Bibliography

[Open Group 2004] mlock(), setrlimit()
[Wheeler 2003] Section 7.14, Section 11.4

...