An allocator designed to handle security sensitive allocations, i.e. heap memory with confidential contents.
This can be used to store e.g. passwords and secret cryptographic keys in memory. It is not designed to be performant or light on system resources.
The allocator tries to never get swapped out by using `mlock` on Linux. The amount of memory that can be `mlock`ed is very limited for unprivileged processes, so use with care. Allocating too much memory using this allocator (exceeding the `mlock` limit) causes the program to OOM abort using `alloc::alloc::handle_alloc_error`. A process with sufficient privileges can raise the `mlock` limit using `setrlimit` from libc (available in Rust through the `libc` crate).
Various security measures are implemented:
- Zeroization of memory on drop.
- Non-swappable locked memory.
- Memory is not in the program break or the global allocator's memory pool, so it sits at a less predictable address (even when an address into the global allocator's memory leaks). This could make some exploits harder, but not impossible.
Memory allocator for confidential memory. See the module level documentation.
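As an added illustration of the three measures listed above (zeroization on drop, `mlock`ed pages, memory obtained outside the global allocator) and of the `RLIMIT_MEMLOCK` caveat, here is a small self-contained buffer type. It is example code written for this page, not the crate's own implementation; it assumes 64-bit Linux, calls the C library directly through `extern "C"` declarations (the constant values, the `RLimit` layout and the `SecretBuf`, `zeroize` and `memlock_limit` names are this example's assumptions), and, unlike the crate, returns an error instead of aborting when `mlock` fails so the caller can inspect the limit.

```rust
use std::io;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Linux (x86_64 / aarch64) constants; assumed values, not taken from the page.
const PROT_READ: i32 = 0x1;
const PROT_WRITE: i32 = 0x2;
const MAP_PRIVATE: i32 = 0x02;
const MAP_ANONYMOUS: i32 = 0x20;
const MADV_DONTDUMP: i32 = 16;
const RLIMIT_MEMLOCK: i32 = 8;
const SC_PAGESIZE: i32 = 30;

#[repr(C)]
struct RLimit {
    cur: u64,
    max: u64,
}

// std already links the C library, so these resolve without the `libc` crate.
extern "C" {
    fn mmap(addr: *mut u8, len: usize, prot: i32, flags: i32, fd: i32, off: i64) -> *mut u8;
    fn munmap(addr: *mut u8, len: usize) -> i32;
    fn mlock(addr: *const u8, len: usize) -> i32;
    fn munlock(addr: *const u8, len: usize) -> i32;
    fn madvise(addr: *mut u8, len: usize, advice: i32) -> i32;
    fn getrlimit(resource: i32, rlim: *mut RLimit) -> i32;
    fn sysconf(name: i32) -> i64;
}

/// Overwrite with volatile stores so the optimizer cannot drop the wipe as a dead store.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Soft and hard RLIMIT_MEMLOCK in bytes: how much this process may lock.
pub fn memlock_limit() -> io::Result<(u64, u64)> {
    let mut r = RLimit { cur: 0, max: 0 };
    if unsafe { getrlimit(RLIMIT_MEMLOCK, &mut r) } != 0 {
        return Err(io::Error::last_os_error());
    }
    Ok((r.cur, r.max))
}

/// Page-aligned mapping outside the global heap, locked in RAM, excluded from
/// core dumps, and wiped before it is unlocked and unmapped on drop.
pub struct SecretBuf {
    ptr: *mut u8,
    len: usize,
    mapped: usize,
}

impl SecretBuf {
    pub fn new(len: usize) -> io::Result<SecretBuf> {
        let page = unsafe { sysconf(SC_PAGESIZE) } as usize;
        let mapped = (len.max(1) + page - 1) / page * page; // whole pages only
        let ptr = unsafe {
            mmap(ptr::null_mut(), mapped, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0)
        };
        if ptr as isize == -1 {
            return Err(io::Error::last_os_error());
        }
        // ENOMEM here means the RLIMIT_MEMLOCK budget is exhausted; the crate
        // described above aborts at this point, this example reports it instead.
        if unsafe { mlock(ptr, mapped) } != 0 {
            let e = io::Error::last_os_error();
            unsafe { munmap(ptr, mapped) };
            return Err(e);
        }
        // Best effort: a core dump of the process should not contain the secret.
        unsafe { madvise(ptr, mapped, MADV_DONTDUMP) };
        Ok(SecretBuf { ptr, len, mapped })
    }

    pub fn as_slice(&self) -> &[u8] {
        unsafe { std::slice::from_raw_parts(self.ptr, self.len) }
    }

    pub fn as_mut_slice(&mut self) -> &mut [u8] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }
}

impl Drop for SecretBuf {
    fn drop(&mut self) {
        unsafe {
            zeroize(std::slice::from_raw_parts_mut(self.ptr, self.mapped));
            munlock(self.ptr, self.mapped);
            munmap(self.ptr, self.mapped);
        }
    }
}

fn main() -> io::Result<()> {
    let (cur, max) = memlock_limit()?;
    println!("RLIMIT_MEMLOCK: soft={} hard={}", cur, max);
    let mut key = SecretBuf::new(32)?;
    key.as_mut_slice().copy_from_slice(&[0x42u8; 32]); // constructed sample key
    println!("locked buffer at {:p}, {} bytes", key.as_slice().as_ptr(), key.len);
    Ok(()) // `key` is wiped, unlocked and unmapped here
}
```

Running it prints the process's lock budget before allocating, which is the number to compare against when an allocation of this kind unexpectedly fails: on a default unprivileged Linux account the soft limit is often only a few hundred kilobytes, so each buffer should be sized to the secret it holds rather than used as a general-purpose heap.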