Zero out the heap before exit | Together C & C++ | Page 1

storm siren Jan 20, 2025, 7:59 AM

#

I am building a security-critical application and want to ensure that the entire process heap is zeroed out before the program exits ungracefully (I have a kill macro which essentially forcefully exits by calling __builtin_trap or triggering a segfault) and I want to make sure all the secrets are freed before the program exits.
This macro is intended for unrecoverable/very critical failures for example an munlock failure.

What is the best way to implicitly handle this rather than making sure a memory cleanup is done before kill is called?

keen jettyBOT Jan 20, 2025, 7:59 AM

#

When your question is answered use !solved to mark the question as resolved.

Remember to ask specific questions, provide necessary details, and reduce your question to its simplest form. For tips on how to ask a good question use !howto ask.

onyx wharf Jan 20, 2025, 9:40 AM

#

If you're worried about heap after exit, should you also not be worried about heap before exit (i.e. runtime)?
Anything can peek memory.

storm siren Jan 20, 2025, 12:24 PM

#

onyx wharf If you're worried about heap _after_ exit, should you also not be worried about ...

So before exit I try to minimize secret data in-memory by only having data that can't be derived (but unfortunately that's most of it e.g. private keys) but I make sure any allocated memory containing secrets is swept before it is freed.

After an exit however, that memory is no longer in the process scope and the OS will most likely allocate it to another process with your secrets in the memory. So at that point you're just asking for trouble

#

Im looking for a way to overwrite the entire process heap (stack is a bit more dangerous) but I try to keep sensitive data in the heap anyways

#

So in case there's any memory still in use it gets zeroed out before exit

#Zero out the heap before exit