...
| Code Block | ||
|---|---|---|
| ||
#include <resource.h>
/* ... */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if(!setrlimit(RLIMIT_CORE, &limit)) {
/* Handle Error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
Compliant
...
Solution (privileged process on Unix)
Additionally processes with elevated privileges can disable paging by "locking" memory in place using either mlock() (Unix) or VirtualLock() (Windows). This ensures that memory in never copied to the hard drive where it may be retained indefinitely in non-volatile storage.
...
| Code Block | ||
|---|---|---|
| ||
#include <resource.h>
/* ... */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if(!setrlimit(RLIMIT_CORE, &limit)) {
/* Handle Error */
}
if(mlock(pwd, MAX_PWD_LEN) != 0) {
/* deal with error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
Compliant
...
Solution (privileged process on Windows)
...
| Code Block | ||
|---|---|---|
| ||
#include <resource.h>
/* ... */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if(!setrlimit(RLIMIT_CORE, &limit)) {
/* Handle Error */
}
if(VirtualLock(pwd, MAX_PWD_LEN) != 0) {
/* deal with error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
...