...
Disable memory dumps in your program.
Memory dumps are automatically created when your program crashes. These memory dumps can contain information stored in any part of program memory. Disable memory dumps in the program that is shipped to the user. This might not be possible on Windows, but on Linux it can be done as follows [1]:
```c
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdlib.h>  /* exit() */

int main(int argc, char **argv) {
  struct rlimit rlim;
  getrlimit(RLIMIT_CORE, &rlim);
  /* Set both the soft and the hard core-file size limit to zero. */
  rlim.rlim_max = rlim.rlim_cur = 0;
  if (setrlimit(RLIMIT_CORE, &rlim)) {
    /* unable to secure data. */
    exit(-1);
  }
  /* ... */
}
```
...
Do not store the sensitive data on disk in plaintext
See [MEM06-C. Ensure that sensitive data is not written out to disk].

When handling passwords, consider storing a hash of the password instead of the plaintext. Use the hash for comparisons and other purposes. The following code [1] illustrates this:
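```c
#include <string.h>

/* Helpers assumed to be defined elsewhere in the program. */
char *read_password(void);
char *compute_checksum(const char *password);
void erase(char *password);
char *get_stored_checksum(const char *username);

int validate(char *username) {
  char *password;
  char *checksum;
  password = read_password();
  checksum = compute_checksum(password);
  erase(password);  /* wipe the plaintext once the checksum is computed */
  /* Nonzero when the computed checksum matches the stored one. */
  return !strcmp(checksum, get_stored_checksum(username));
}
```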
...
- Be aware of compiler optimization while erasing memory. See [MSC06-C. Be aware of compiler optimization when dealing with sensitive data].
Use secure erase methods specified in US Department of Defense Standard 5220 [2] or Peter Gutmann's paper [3].
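One way to write an `erase()` helper like the one `validate()` calls so that the wipe is not removed as a dead store, shown as an added example that is not code from the original page. The names `secure_erase`, `is_wiped` and `demo_wipe_password` are hypothetical, and the sample passwords are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Zero n bytes at p through a volatile-qualified pointer. Volatile stores
 * are treated as observable side effects, so the compiler does not drop
 * them as dead stores even when the buffer is never read again. */
void secure_erase(void *p, size_t n) {
  volatile unsigned char *vp = (volatile unsigned char *)p;
  while (n--) {
    *vp++ = 0;
  }
}

/* Hypothetical body for an erase(char *) helper: wipes a NUL-terminated
 * secret in place. Only the bytes up to the terminator are cleared. */
void erase(char *secret) {
  if (secret != NULL) {
    secure_erase(secret, strlen(secret));
  }
}

/* Returns 1 when all n bytes at p are zero, 0 otherwise. */
int is_wiped(const void *p, size_t n) {
  const unsigned char *b = (const unsigned char *)p;
  size_t i;
  for (i = 0; i < n; i++) {
    if (b[i] != 0) return 0;
  }
  return 1;
}

/* Constructed demo: a buffer is reused for a shorter secret, so a
 * string-length wipe leaves the tail of the earlier value behind.
 * Returns 1 when that stale tail was detected after erase() and the
 * whole-buffer wipe then cleared everything. */
int demo_wipe_password(void) {
  char buf[32] = {0};
  int stale_after_erase, clean_after_full;
  strcpy(buf, "correct horse battery"); /* constructed earlier secret */
  strcpy(buf, "hunter2");               /* shorter secret, tail remains */
  erase(buf);                           /* clears the 7 live bytes only */
  stale_after_erase = !is_wiped(buf, sizeof buf);
  secure_erase(buf, sizeof buf);        /* clears the full buffer */
  clean_after_full = is_wiped(buf, sizeof buf);
  return stale_after_erase && clean_after_full;
}
```

When the buffer size is known, wipe the whole buffer rather than only the current string length.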
Risk Assessment
If sensitive data is not handled correctly in a program, an attacker can gain access to it.
...