[strongSwan-dev] Memwipe of loaded secrets through VICI

Tobias Brunner tobias at strongswan.org
Thu Sep 30 15:42:18 CEST 2021

Hi Jean-Francois,

Thanks for the report and patch.  I pushed several of these fixes (some 
with modifications) to the wipe-secrets branch, plus also added code to 
wipe the swanctl.conf file from memory in swanctl.

I'm not entirely sure about the chunk_map() changes, though.  As far as 
I can tell, after munmap() has been called, the process can't access 
that memory anymore (causes a segmentation fault).  And mapping the same 
memory with MAP_ANONYMOUS and MAP_UNINITIALIZED (to prevent the 
initialization of the non-file backed area to zero) doesn't seem 
possible on generic kernels as it requires the 
CONFIG_MMAP_ALLOW_UNINITIALIZED kernel option, which is usually not 
enabled for security reasons.  But since it's useful on platform that 
don't provide mmap() (e.g. Windows), I still pushed patches.

Let me know what you think.


More information about the Dev mailing list