[Cryptography] WIPEONFORK in Linux 4.14

Nico Williams nico at cryptonector.com
Mon Nov 27 12:58:28 EST 2017

On Sun, Nov 26, 2017 at 11:16:00AM +0000, Peter Gutmann wrote:
> Colm MacCárthaigh <colm at allcosts.net> writes:
> >For crypto libraries this is particularly useful:
> It's actually not that useful unless you rewrite your code's memory handling
> just so you can use it.  [...]

C libraries should provide a secure_malloc() (and calloc and realloc)
whose allocation can be freed with free(), and which means "don't write
to unencrypted swap" and "don't allow underprivileged debuggers to see
this".  A "wipe on fork()" variant, or a flags argument by which to
specify desired (critical!) allocation options would be nice.

pthread_atfork() suffices for fork-safety for userland PRNGs, though an
mmap() wipe-on-fork option does seem more likely to be more robust.


More information about the cryptography mailing list