[strongSwan-dev] Memwipe of loaded secrets through VICI
Tobias Brunner
tobias at strongswan.org
Thu Sep 30 15:42:18 CEST 2021
Hi Jean-Francois,
Thanks for the report and patch. I pushed several of these fixes (some
with modifications) to the wipe-secrets branch, plus also added code to
wipe the swanctl.conf file from memory in swanctl.
I'm not entirely sure about the chunk_map() changes, though. As far as
I can tell, after munmap() has been called, the process can't access
that memory anymore (causes a segmentation fault). And mapping the same
memory with MAP_ANONYMOUS and MAP_UNINITIALIZED (to prevent the
initialization of the non-file backed area to zero) doesn't seem
possible on generic kernels as it requires the
CONFIG_MMAP_ALLOW_UNINITIALIZED kernel option, which is usually not
enabled for security reasons. But since it's useful on platform that
don't provide mmap() (e.g. Windows), I still pushed patches.
Let me know what you think.
Regards,
Tobias
More information about the Dev
mailing list