-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
parity-crypto: use mlock for Secret #413
Conversation
In substrate we are only using secrecy::SecretString which is statically defined, there also exist secrecy::SecretVec, both could be enhanced with the mlock guard I guess. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
error is usually printed before termination, I chose a warning because it's not a hard error, but something to be aware of
yeah, that's fine, cargo will select the latest compatible version in I filed iqlusioninc/crates#480 and now reading https://eklitzke.org/mlock-and-mlockall :) |
I have done some reading and talking to @ordian in DMs and at the end of it all I'm rather skeptical about
The code LGTM. |
@ordian @dvdplm, cc @gww-parity
Well, it's actually a bit more realistic in context of Substrate-based chains (are we even using That means that those machines might have swap files/partitions physically accessible while the device is offline. This will make it possible for a purely "cold" offline attack to steal the secrets that are accidentally exposed on the hard drive. I don't want to go into the weeds of discussing what secrets might and might not be valuable for the attacker enough to satisfy getting a physical access to the powered off machine -- such assumptions are really hard to maintain in code over time. So the application of "defence in deep" here is indeed correct. |
only in secret-store AFAIK code outside of |
We (me, @ordian and @gww-parity) have had another round of discussion about this and landed in a decision to close this. @cheme @kirushik Let us know if you strongly disagree and we can re-open! :) |
To give a bit more context, even I have been a bit towards using mlock, still closer to "be on the fence", as I see lack of model for decision making "mlock or not to mlock" e.g. from thread modelling point of view. Having said that, I am looking forward for Secrets types RFCs for Rust and LLVM, in mean time if I would came across (or come up with) better modelling for mlock will reopen. |
Fixes #411.
As mentioned in our internal issue tracker, it's not clear to me how it could integrated into secrecy for two reasons:
secrecy::SecretBox<S>
is generic overS
and in order to callmlock
, we would need something like a slice. This could be potentially "solved" by introducing a trait that abstracts over a slice (e.g.AsRef<[u8]>
), but that would limitSecretBox
only to these types.mlock
should be propagated. In this PR we simply ignore it as this security measure is optional and the syscall may fail due to multiple reasons, e.g. on windows there is a small amount of maximal pages a process can lock by default. Also it's not guaranteed that a memory page won't be written to disk, e.g. in case of hibernation or memory starvation.This PR suggests a simple approach to not introduce an abstraction for it (at least for now) and ignore the errors on construction.
If you have ideas how it could be improved though, please share!
This is a non-breaking change.