...
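#include <stdio.h>
#include <sys/resource.h>
/* ... */
/*
 * Disable core files before the secret is read: with both the soft and the
 * hard RLIMIT_CORE limit set to 0 the kernel never writes a core dump for
 * this process, so the buffer cannot reach the disk that way.  Lowering the
 * hard limit cannot be undone by an unprivileged process, which is intended.
 */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
/* setrlimit() returns 0 on success and -1 (with errno set) on failure */
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
  /* Handle error */
}
/* Create or otherwise obtain some sensitive data.  `secret` is assumed to be
   a char array declared elsewhere, so sizeof(secret) is its capacity and
   fgets() cannot overrun it; fgets() returns NULL on EOF or error. */
if (fgets(secret, sizeof(secret), stdin) == NULL) {
  /* Handle error */
}
/* Clear `secret` (memset_s()/explicit_bzero(), not plain memset()) as soon as
   it is no longer needed. */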
Compliant Code Example (privileged process on Unix)
Additionally, processes with elevated privileges can prevent a buffer from being paged out by "locking" it in memory with mlock() (POSIX) or VirtualLock() (Windows). This ensures that the memory is never copied to the swap area or page file on disk, where it could be retained indefinitely in non-volatile storage. Locking must be done before the sensitive data is written into the buffer, is page-granular, and is subject to a lock limit (RLIMIT_MEMLOCK or CAP_IPC_LOCK on Linux; the process working-set size on Windows), so the call can fail and its result must be checked. Locking does not by itself keep the data out of a core dump, crash dump or hibernation image, and it does not clear the buffer: core files still have to be disabled, and the buffer must be scrubbed (for example with memset_s() or explicit_bzero()) before it is unlocked or freed.
This compliant solution not only disables the creation of core files (by setting RLIMIT_CORE to zero) but also locks the buffer with mlock() so that it is never swapped out to disk.
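#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
/* ... */
/* MAX_PWD_LEN is the capacity of the secret buffer (defined elsewhere).
   `secret` is an array, not a pointer, so sizeof(secret) is its size. */
char secret[MAX_PWD_LEN];
struct rlimit limit;

/* 1. No core file: both RLIMIT_CORE limits to 0.  setrlimit() returns 0 on
   success and -1 (with errno set) on failure. */
limit.rlim_cur = 0;
limit.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
  /* Handle error */
}

/* 2. No paging: lock the buffer in RAM *before* anything sensitive is written
   to it.  mlock() returns 0 on success and -1 on failure (e.g. EPERM or
   ENOMEM when the process lacks CAP_IPC_LOCK or exceeds RLIMIT_MEMLOCK).
   Locking is page-granular; POSIX allows an implementation to require a
   page-aligned address (Linux rounds down to the page boundary). */
if (mlock(secret, sizeof(secret)) != 0) {
  /* Handle error */
}

/* 3. Create or otherwise obtain some sensitive data.  fgets() is bounded by
   the buffer size and returns NULL on EOF or error. */
if (fgets(secret, sizeof(secret), stdin) == NULL) {
  /* Handle error */
}

/* ... use secret ... */

/* 4. When done, scrub the buffer with memset_s()/explicit_bzero() (a plain
   memset() before the buffer goes out of use may be optimized away) and only
   then munlock(secret, sizeof(secret)), so no plaintext copy can be paged
   out after the lock is released. */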
Compliant Code Example (privileged process on Windows)
This compliant solution locks the buffer with VirtualLock() so that it is never paged out to the page file. Windows has no setrlimit()/RLIMIT_CORE; whether process memory can be written to a crash dump is governed separately (by the Windows Error Reporting / crash-dump configuration) and is not addressed by this example.
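#include <stdio.h>
#include <windows.h>
/* ... */
/* MAX_PWD_LEN is the capacity of the secret buffer (defined elsewhere).
   `secret` is an array, not a pointer, so sizeof(secret) is its size. */
char secret[MAX_PWD_LEN];

/* Lock the buffer into physical memory *before* anything sensitive is written
   to it, so that it is never paged out to the page file.  Unlike the POSIX
   functions, VirtualLock() returns nonzero on success and 0 on failure
   (GetLastError() gives the reason; a common one is that the process's
   maximum working-set size is too small, see SetProcessWorkingSetSize()).
   Locking is page-granular.  There is no setrlimit()/RLIMIT_CORE on Windows:
   whether process memory reaches a crash dump is controlled by the Windows
   Error Reporting configuration, not by this code. */
if (VirtualLock(secret, sizeof(secret)) == 0) {
  /* Handle error */
}

/* Create or otherwise obtain some sensitive data.  fgets() is bounded by the
   buffer size and returns NULL on EOF or error. */
if (fgets(secret, sizeof(secret), stdin) == NULL) {
  /* Handle error */
}

/* ... use secret ... */

/* When done, scrub the buffer with SecureZeroMemory(secret, sizeof(secret))
   (not plain memset(), which may be optimized away) and only then
   VirtualUnlock(secret, sizeof(secret)). */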
Exceptions
Risk Assessment
...