-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reading secret from a file #557
Comments
@cecton being able to read from a file directly into a |
@cecton did you ever implement the reading in a secret from a file? |
@c-git sorry I totally forgot about this ticket, Feel free to go ahead with the implementation if you would likd |
Ok thanks. If I do I'll submit it but I'm not quite sure how to securely accomplish that task. |
tbh I'm not sure either, My colleagues back in the days mentioned something special to do but I forgot what exactly... @tomaka maybe you can help with some advice here? (I think it was you) |
oh wait, probably that was a not so innocent suggestion, I think the idea was to copy the code of fs::read_to_string from std and do something special like zeroing the buffer before the exit. |
Thanks that looks like something I might be able to follow up on. |
Disclaimer I'm new to Rust (but not programing). So if someone can look over what I did that would be great. (I used PyCharm to follow the code from one point to the next in the standard library and it looks like it was navigating correctly to me. Was able to match it in the online github repo) Didn't seem possible for a full copy to be left in a buffer somewhere in memoryThat said I think no separate buffers are used other than the one created to store the string in the first call. And this owned string is moved into the Secret wrapper. There was one point in the code here where it looked like another buffer was allocated. However when I checked what a Partial copies seemed possible (but under what seemed like unlikely situations)I did see two ways that part of the file could be loaded into memory and then not cleared. I'm not sure of the viability of either approach but from reading the comments and following the code logic I was lead to believe that it might be possible.
|
I was wondering if this code could potentially leave a copy of a secret in memory:
Because the underlying implementation of
read_to_string
might re-allocate theString
and not zeroes the partially-read secret.Do you have any suggestion?
I would be happy to provide a PR that convert an
impl Read
to aSecretString
that would zeroes things between reads if you think that is a good implementation.The text was updated successfully, but these errors were encountered: