secmem
| Crates.io | secmem |
| lib.rs | secmem |
| version | 0.0.1 |
| created_at | 2021-09-05 18:07:08.683952+00 |
| updated_at | 2025-03-23 10:41:30.383603+00 |
| description | Reserved for the `secmem-` family of crates |
| homepage | |
| repository | |
| max_upload_size | |
| id | 447235 |
| size | 2,527 |
(niluxv)
documentation
README
Reserved for the secmem-* family of crates.
The secmem family of crates aims to provide tools to improve the confidentiality of memory used to storage of secrets. It currently consists of the following crates:
secmem-alloc: This crate can be used by both by library crates as well as binary crates. It provides allocators specifically aimed at storing secrets. For example, these allocators zero the memory after deallocation, so secrets are not kept in memory longer than neccessary. Additional protections include "locking" memory so that the contents won't be written to (a potentially unencrypted, on-disk) swap.secmem-proc: This crate is intended mainly to be used by binary crates. It provides functions to harden processes, i.e. reducing the control other non-privilegded processes can exert over the given process. Examples of harding techniques include disabling tracing (which gives another process full control over the given process) and the generation of core dumps (which might dump secrets from memory to disk).