Module secmem_alloc::sec_alloc
An allocator designed to handle security sensitive allocations, i.e. heap memory with confidential contents.
This can be used to store e.g. passwords and secret cryptographic keys in memory. It is not designed to be performant or light on system resources.
The allocator tries to never get swapped out, using mlock on Linux. The amount of memory that can be mlocked is very limited for unprivileged processes, so use with care. Allocating too much memory using this allocator (exceeding the mlock limit) causes the program to OOM abort using alloc::alloc::handle_alloc_error. A process with CAP_SYS_RESOURCE can change the mlock limit using setrlimit from libc (available in Rust through the secmem-proc crate).
Various security measures are implemented:
- Zeroization of memory on drop.
- Non-swappable locked memory.
- Memory is not in the program break or global allocator memory pool, therefore at a less predictable address (even when the address to memory in the global allocator leaks). This could make some exploits harder, but not impossible.
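As an added illustration of the first two measures (locked, non-swappable pages and zeroization before release), not code from the secmem-alloc crate, the following Linux-only allocator wraps the system allocator, mlocks each allocation, and overwrites it with volatile zero writes before unlocking and freeing it. The names LockedZeroingAlloc and zeroize are assumed here; mlock and munlock are declared directly so the example builds with only the standard library.

```rust
use std::alloc::{GlobalAlloc, Layout, System};
use std::ffi::c_void;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Declared directly rather than through the `libc` crate; signatures as in
// the Linux man pages. Linux-only example.
extern "C" {
    fn mlock(addr: *const c_void, len: usize) -> i32;
    fn munlock(addr: *const c_void, len: usize) -> i32;
}

/// Overwrite `len` bytes at `p` with zeros using volatile writes so the
/// optimizer cannot drop the stores as "dead" (the memory is freed next).
pub unsafe fn zeroize(p: *mut u8, len: usize) {
    for i in 0..len {
        ptr::write_volatile(p.add(i), 0);
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical allocator: every block is mlocked for its lifetime and
/// zeroized before it is handed back to the system allocator.
pub struct LockedZeroingAlloc;

unsafe impl GlobalAlloc for LockedZeroingAlloc {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        let p = System.alloc(layout);
        if p.is_null() {
            return p;
        }
        // Exceeding RLIMIT_MEMLOCK makes mlock fail. Refuse the allocation
        // (a null return makes callers invoke handle_alloc_error) instead of
        // handing out swappable memory for confidential data.
        if mlock(p as *const c_void, layout.size()) != 0 {
            System.dealloc(p, layout);
            return ptr::null_mut();
        }
        p
    }

    unsafe fn dealloc(&self, p: *mut u8, layout: Layout) {
        zeroize(p, layout.size());
        munlock(p as *const c_void, layout.size());
        System.dealloc(p, layout);
    }
}
```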
Structs
Memory allocator for confidential memory. See the module level documentation.