secmem-proc is a crate designed to harden a process against low-privileged attackers running on the same system trying to obtain secret memory contents of the current process.

Related tags

Miscellaneous secmem-proc
Overview

secmem-proc License: MIT OR Apache-2.0 secmem-proc on crates.io Source Code Repository

secmem-proc is a crate designed to harden a process against low-privileged attackers running on the same system trying to obtain secret memory contents of the current process. More specifically, the crate disables core dumps and tries to disable tracing on unix-like OSes.

Note: all the crate does is hardening, i.e. it tries to make attacks harder. It can by no means promise any security! In particular, when an attacker ptrace attaches to the process before harden_process is executed, it is game over for the process. This crate is no substitute for properly hardening your OS (configuration)!

Note that hardening the process also severely limits the ability to debug it. Therefore you are advised to only harden release builds, not debug builds.

Examples

In the below example the main function of some application calls the main hardening function provided by this crate: harden_process. This will perform all available hardening steps on the target platform. If an error is returned then one of the hardening steps failed and the process is quits at the return after printing an error to stdout.

fn main() {
    // call `secmem_proc::harden_process` before doing anything else, to harden the process
    // against low-privileged attackers trying to obtain secret parts of memory which will
    // be handled by the process
    if secmem_proc::harden_process().is_err() {
        println!("ERROR: could not harden process, exiting");
        return;
    }
    // rest of your program
}

If you have the std feature enabled you can get more informative errors using harden_process_std_err instead of harden_process.

Cargo features

  • std (default): Enable functionality that requires std. Currently only required for Error implements and required for tests. This feature is enabled by default.
  • rlimit: Expose a minimal resource limit API in the rlimit module.
  • dev: This feature enables all features required to run the test-suite, and should only be enabled for that purpose.

Implementation

  • Disable ptrace and core dumps on the process on linux using prctl
  • Disable ptrace and core dumps on the process on freebsd using procctl
  • Disable ptrace on macos using ptrace
  • Disable core dumps for the process on posix systems using rlimit

TODOs

  • windows support (DACL)
  • improve tests (how exactly?)
You might also like...
A simple entity-component-system crate for rust with serialization support

Gallium A simple entity-component-system crate for rust with serialization support Usage You can include the library using carge: [dependencies] galli

null 7 Aug 31, 2021
📦 Crate Protocol allows anyone to create, manage, and trade a tokenized basket of assets, which we refer to as a Crate.
📦 Crate Protocol allows anyone to create, manage, and trade a tokenized basket of assets, which we refer to as a Crate.

📦 Crate Protocol Crate Protocol allows anyone to create, manage, and trade a tokenized basket of assets, which we refer to as a Crate. A Crate is alw

Crate Protocol 63 Oct 31, 2022
A thread pool for running multiple tasks on a configurable group of threads.
A thread pool for running multiple tasks on a configurable group of threads.

Threadfin A thread pool for running multiple tasks on a configurable group of threads. Extra features: Dynamic pool size based on load Support for asy

Stephen M. Coakley 46 Dec 5, 2022
Using engines running outside of the browser

External engine (ALPHA) Using engines running outside of the browser

Lichess 43 Dec 31, 2022
Demo of tokio running on esp32 using esp-idf

Tokio running on esp32! This repo demonstrates a working hello world utilizing upstreamed tokio support for esp32. The tokio executor and I/O reactor

Josh Guilfoyle 9 Aug 7, 2023
A firmware for the Clueboard 66% Low Profile keyboard implemented in Rust.
A firmware for the Clueboard 66% Low Profile keyboard implemented in Rust.

Rust Firmware for Clueboard 66% Low Profile Keyboard A firmware for the Clueboard 66% Low Profile keyboard (also known as 66% hotswap) implemented in

Wesley Moore 10 Nov 2, 2022
An implementation of Code Generation and Factoring for Fast Evaluation of Low-order Spherical Harmonic Products and Squares

sh_product An implementation of Code Generation and Factoring for Fast Evaluation of Low-order Spherical Harmonic Products and Squares (paper by John

Simon Brown 7 Dec 2, 2022
A simple and fast FRC autonomous path planner (designed for swerve drive)! (Desktop/Laptop only)

This is a website developed for planning autonomous paths for FRC robots. It is intended to be a simple and fast tool to create autos, which works offline at competitions.

Weaver Goldman 2 Jan 6, 2023
Traits for inspecting memory usage of Rust types

memuse This crate contains traits for measuring the dynamic memory usage of Rust types. About Memory-tracking is a common activity in large applicatio

null 13 Dec 23, 2022
Comments
  • Open to using HeapEnableTerminationOnCorruption and SetProcessDEPPolicy?

    Open to using HeapEnableTerminationOnCorruption and SetProcessDEPPolicy?

    opened by nmathewson 4
  • Complete refactor: anyhow errors, rustix, anti-tracing and configuration

    Complete refactor: anyhow errors, rustix, anti-tracing and configuration

    Almost complete rewrite of the crate.

    • rlimit and most process control system APIs have been ported to rustix
      • closes issue #8
      • on linux this means the crate can do without libc
    • errors now use anyhow
    • added many anti-tracing techniques (especially on windows) to the crate
    • new configuration API in the config module

    Closes #8

    opened by niluxv 3
  • Port `rlimit` to a crate

    Port `rlimit` to a crate

    Port the rlimit code (for disabling core dumps) to a higher-level/safer crate instead of using libc directly.

    Advantages:

    • Reduce maintenance
    • Better support/be more robust for exotic targets
    • Better documented

    Disadvantages:

    • Pulls in a dependency; that will be heavier than our own thing wrappers (specifically aimed at disabling core dumps)

    Below an overview of some potential candidate crates. All seem to have wide target/platform support. Unfortunately only rustix seems to be no_std compatible. It would be very unfortunate to drop no_std support just for this. None of the crates include support for prctl (linux) or procctl (freebsd), but that is not an issue.

    nix

    Advantages:

    • With only the resource flag, precisely everything we need, so quite light-weight (but larger download size)
    • Documented (wide) target support

    Disadvantages:

    • Requires std

    rlimit

    Advantages:

    • Relatively light-weight, only for rlimit

    Disadvantages:

    • Requires std (mainly for std::io::Error)

    rustix

    Advantages:

    • Can use syscalls directly on linux (no libc) But: that doesn't make this crate independent of libc (on linux); we also need prctl and that is not included in rustix, so to be no-libc we would need to port that to a syscall
    • Very nice high-level rlimit API

    Disadvantages:

    • Pulls in a pretty heavy crate for the purpose, even with only the process feature enabled
    opened by niluxv 0
Owner
null
GitHub
A zero-copy parser for the contents of the __unwind_info section of a mach-O binary.

A parser for Apple's Compact Unwinding Format, which is used in the __unwind_info section of mach-O binaries.

Markus Stange 10 May 31, 2022
Example of structuring a proc macro crate for testability

testing-proc-macros Example of structuring a proc macro crate for testability. See accompanying blog post for details. License Licensed under either o

Ferrous Systems 12 Dec 11, 2022
A Rust proc-macro crate which derives functions to compile and parse back enums and structs to and from a bytecode representation

Bytecode A simple way to derive bytecode for you Enums and Structs. What is this This is a crate that provides a proc macro which will derive bytecode

null 4 Sep 3, 2022
👁️ See through bad bots trying to lie about their user agents

Odd Eye Detect bad bots trying to disguise themselves as humans. Features HTTP2 connection fingerprints TLS signatures Canvas fingerprints How it work

Xetera 31 Dec 14, 2022
Collection of "surprising behaviours" in Rust. In the same spirit of wtfpython and wtfjs.

wtfrust Collection of "surprising behaviours" in Rust. In the same spirit of wtfpython and wtfjs. This document avoids common and general problems in

张实唯 3 Oct 29, 2021
A rust library for interacting with multiple Discord.com-compatible APIs and Gateways at the same time.

Chorus A rust library for interacting with (multiple) Spacebar-compatible APIs and Gateways (at the same time). Explore the docs » Report Bug · Reques

polyphony 4 Apr 30, 2023
Private swaps for Secret Network using a private entropy pool & differential privacy.

WIP SecretSwap: Anon Edition Private swaps for Secret Network! Uses private entropy pool for differential privacy when reporting pools sizes. Swap amo

Enigma 5 Apr 5, 2022
proc macros for generating mut and non-mut methods without duplicating code

mwt Hey! You! Read this before using! mwt was thrown together pretty quickly for personal use, because I couldn't find an existing crate that does thi

null 1 Dec 24, 2021
Provide expansion of proc-macros, in a way that rustc directs you directly to the issues at hand

expander Expands a proc-macro into a file, and uses a include! directive in place. Advantages Only expands a particular proc-macro, not all of them. I

Bernhard Schuster 16 Oct 5, 2022
Macros to make writing proc-macro crates easy

proc-easy Macros to make writing proc-macro crates easy. This crate provides mainly macros and supporting types and traits to reduce amount of boilerp

Zakarum 7 Jan 1, 2023