| Alex Stapleton | 68bba2d | 2014-03-22 23:03:15 +0000 | [diff] [blame] | 1 | Known security limitations |
| 2 | -------------------------- |
| 3 | |
| 4 | Lack of secure memory wiping |
| 5 | ============================ |
| 6 | |
| 7 | `Memory wiping`_ is used to protect secret data or key material from attackers |
| 8 | with access to uninitialized memory. This can be either because the attacker |
| Alex Stapleton | 1977a60 | 2014-03-22 23:50:52 +0000 | [diff] [blame] | 9 | has some kind of local user access or because of how other software uses |
| Alex Stapleton | 68bba2d | 2014-03-22 23:03:15 +0000 | [diff] [blame] | 10 | uninitialized memory. |
| 11 | |
| Alex Stapleton | a108ac6 | 2014-03-25 10:03:58 +0000 | [diff] [blame] | 12 | Python exposes no API for us to implement this reliably and as such almost all |
| kennwhite | 993d847 | 2014-06-25 21:09:28 -0400 | [diff] [blame] | 13 | software in Python is potentially vulnerable to this attack. The |
| 14 | `CERT secure coding guidelines`_ assesses this issue as "Severity: medium, |
| Alex Gaynor | d7a2306 | 2014-06-25 19:52:03 -0700 | [diff] [blame] | 15 | Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not |
| 16 | consider this a high risk for most users. |
| Alex Stapleton | 68bba2d | 2014-03-22 23:03:15 +0000 | [diff] [blame] | 17 | |
| 18 | .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx |
| Alex Gaynor | a80fb94 | 2015-03-03 18:29:55 -0500 | [diff] [blame^] | 19 | .. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources |