Crate secbox

SecBox.

This crate provides a security primitive, SecBox, which tries to limit the damage of common vulnerabilities.

Vulnerabilities

  • Stack or local out-of-bounds indexing: You can usually use a buffer overflow to read the stack, but if you need to dereference the element to get at the data, you often cannot know how much to offset by (that is, you don't know at what address the array starts). Scanning linearly is unproductive (especially since the data doesn't line up) and quickly results in a segfault.

  • Partial memory dumps: Partial memory dumps (e.g. page dumps or CPU cache dumps) are mitigated by discontinuity, which means that a partial memory segment would rarely contain interesting data.

  • Swap data leaks: To avoid the memory being written to persistent storage (and thus being easier to access), we memlock the internal data, making sure that it never leaves RAM.

  • Reads of uninitialized data: Uninitialized reads are a rare bug in Rust, but they are common in C and C++, and thus in Rust bindings to libraries written in those languages. For this reason, we make sure the data is overwritten with zeros when the box is freed, so it is no longer accessible afterwards.

  • Crash dump data leaks: Because the data is zeroed, crash dumps often expose less sensitive data.
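To make the memlock and zero-on-free mechanics above concrete, here is an added example (not the secbox crate's own code) of a minimal primitive of that kind: `LockedBytes` and its methods are hypothetical names, and it assumes a Unix-like target that provides `mlock`/`munlock` in libc.

```rust
use std::ptr;

// POSIX mlock/munlock declared directly so no external crate is needed (assumes a Unix-like target).
extern "C" {
    fn mlock(addr: *const u8, len: usize) -> i32;
    fn munlock(addr: *const u8, len: usize) -> i32;
}

/// Hypothetical stand-in for a SecBox-like primitive: heap bytes that are
/// locked out of swap while alive and zeroed before the memory is freed.
pub struct LockedBytes {
    buf: Vec<u8>,
    locked: bool,
}

impl LockedBytes {
    pub fn new(data: Vec<u8>) -> LockedBytes {
        // mlock returns 0 on success. Failure (e.g. RLIMIT_MEMLOCK reached)
        // is recorded, not fatal, so the zero-on-drop guarantee still holds.
        let locked = if data.is_empty() { false } else {
            unsafe { mlock(data.as_ptr(), data.len()) == 0 }
        };
        LockedBytes { buf: data, locked: locked }
    }

    pub fn as_slice(&self) -> &[u8] { &self.buf }
    pub fn is_locked(&self) -> bool { self.locked }

    /// Overwrite every byte with zero using volatile writes, so the compiler
    /// cannot drop the stores as dead just before the buffer is freed.
    pub fn zeroize(&mut self) {
        for b in self.buf.iter_mut() {
            unsafe { ptr::write_volatile(b, 0) };
        }
    }
}

impl Drop for LockedBytes {
    fn drop(&mut self) {
        self.zeroize(); // zero first, then release the lock, then free
        if self.locked {
            unsafe { munlock(self.buf.as_ptr(), self.buf.len()) };
        }
    }
}
fn main() {
    let mut secret = LockedBytes::new(b"constructed key material".to_vec());
    println!("locked out of swap: {}", secret.is_locked());
    secret.zeroize();
    println!("after zeroize: {:?}", secret.as_slice());
}
```

Whether `is_locked` reports true depends on the process's memlock limit; the zeroing on drop does not.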

NB!

SecBox doesn't mean that the inner data is completely protected. You still need to make sure it is handled properly and not leaked by other means.

Structs

SecBox

A secure box.