Processes with elevated privileges can disable paging by locking memory in place using the POSIX mlock() function [Open Group 2004]. This ensures that memory is never copied to the hard drive, where it may be retained indefinitely in nonvolatile storage.

This compliant solution not only disables the creation of core files but also ensures that the buffer is not swapped to hard disk.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* ... */
/* size is the length of the secret, established by the surrounding code */
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
  /* Handle error */
}

long pagesize = sysconf(_SC_PAGESIZE);
if (pagesize == -1) {
  /* Handle error */
}

char *secret_buf;
char *secret;

/* One extra page so that rounding secret up stays inside the allocation */
secret_buf = (char *)malloc(size+1+pagesize);
if (!secret_buf) {
  /* Handle error */
}

/* mlock() may require that the address be a multiple of PAGESIZE */
secret = (char *)((((intptr_t)secret_buf + pagesize - 1) / pagesize) * pagesize);

if (mlock(secret, size+1) != 0) {
  /* Handle error */
}

/* Perform operations using secret... */

/* Clear the secret before unlocking: once unlocked, the pages can be swapped again */
if (munlock(secret, size+1) != 0) {
  /* Handle error */
}
secret = NULL;

free(secret_buf);
secret_buf = NULL;
```

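The same two mechanisms packaged as a small reusable helper, as an added example that is not the CERT page's own code: it verifies with getrlimit() that the core limit really is zero, does the page rounding on uintptr_t, keeps the malloc() pointer and the locked pointer together so cleanup cannot free the wrong one, and scrubs the buffer before munlock() because an unlocked page is swappable again. The type secret_buf_t and the four function names are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Constructed helper API (not from the CERT page). */
typedef struct {
    char  *base;   /* what malloc() returned; the only pointer free() accepts */
    char  *secret; /* page-aligned start inside base, locked in RAM */
    size_t len;    /* usable, locked bytes */
} secret_buf_t;

/* Forbid core files: soft and hard limit both go to zero. 0 on success. */
int disable_core_dumps(void) {
    struct rlimit limit = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &limit);
}

/* Check that the limit actually took effect rather than trusting the call. */
int core_dumps_disabled(void) {
    struct rlimit limit;
    if (getrlimit(RLIMIT_CORE, &limit) != 0) return 0;
    return limit.rlim_cur == 0 && limit.rlim_max == 0;
}

/* Allocate len bytes, round up to a page boundary and lock them in RAM.
 * Every failure path releases what was acquired; returns 0 or -1. */
int secret_buf_alloc(secret_buf_t *sb, size_t len) {
    long pagesize = sysconf(_SC_PAGESIZE);
    if (pagesize <= 0) return -1;
    sb->base = malloc(len + (size_t)pagesize); /* slack for rounding up */
    if (sb->base == NULL) return -1;
    uintptr_t p = (uintptr_t)sb->base + (uintptr_t)pagesize - 1;
    sb->secret = (char *)(p - p % (uintptr_t)pagesize); /* ceil to page */
    sb->len = len;
    if (mlock(sb->secret, len) != 0) { /* e.g. RLIMIT_MEMLOCK exhausted */
        free(sb->base);
        sb->base = sb->secret = NULL;
        return -1;
    }
    return 0;
}

/* Scrub, then unlock, then free. The volatile loop keeps the compiler from
 * dropping the "dead" stores that clear the secret. */
void secret_buf_free(secret_buf_t *sb) {
    if (sb->base == NULL) return;
    volatile char *v = sb->secret;
    for (size_t i = 0; i < sb->len; i++) v[i] = 0;
    (void)munlock(sb->secret, sb->len);
    free(sb->base);
    sb->base = sb->secret = NULL;
    sb->len = 0;
}
```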

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Memory locking
Sensitive data storage in improperly locked memory
Information leak through core dump files

Bibliography

[Open Group 2004] mlock(), setrlimit()
[Wheeler 2003] Section 7.14, Section 11.4