Ok, I’m now using the secrecy crate in my code to make sure no secrets are left in memory. I have automated memory searching and it finds the secrets nevertheless. And now the trick question: how do I figure out which code path left them there? 😅


And apparently, the answer is: I compile with my own allocator. This way I can not only log all allocations, I can also ignore deallocations to make sure no two data structures share a memory location. Rather smelly code but it works.

github.com/palant/pfp-cli/comm
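A leak-only allocator of the kind the second post describes, written as an added example (not the post's code and not pfp-cli's): it records every allocation instead of logging it, never frees, and then scans the recorded blocks for the secret so the allocation sequence number points at the offending code path. `LeakLogger`, `find_secret` and `leaky_path` are names assumed here.

```rust
use std::alloc::{GlobalAlloc, Layout, System};
use std::sync::atomic::{AtomicUsize, Ordering};

// Fixed (pointer, size) table per allocation: the allocator itself must not
// allocate, so a static array stands in for a Vec.
const MAX: usize = 1 << 16;
const EMPTY: (AtomicUsize, AtomicUsize) = (AtomicUsize::new(0), AtomicUsize::new(0));
static ALLOCS: [(AtomicUsize, AtomicUsize); MAX] = [EMPTY; MAX];
static COUNT: AtomicUsize = AtomicUsize::new(0);
struct LeakLogger;

unsafe impl GlobalAlloc for LeakLogger {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        // Zeroed so every recorded block is fully initialised and safe to scan.
        let p = System.alloc_zeroed(layout);
        let i = COUNT.fetch_add(1, Ordering::SeqCst);
        if !p.is_null() && i < MAX {
            ALLOCS[i].0.store(p as usize, Ordering::SeqCst);
            ALLOCS[i].1.store(layout.size(), Ordering::SeqCst);
        }
        p
    }
    // Never free: a block still holding a copy of the secret cannot be reused
    // by a later allocation, so the scan below still sees it.
    unsafe fn dealloc(&self, _ptr: *mut u8, _layout: Layout) {}
}

#[global_allocator]
static GLOBAL: LeakLogger = LeakLogger;

/// Scan every recorded block for `needle`; the returned allocation sequence
/// numbers point at the code path that made the copy.
pub fn find_secret(needle: &[u8]) -> Vec<usize> {
    let mut hits = Vec::new();
    if needle.is_empty() { return hits; }
    for i in 0..COUNT.load(Ordering::SeqCst).min(MAX) {
        let p = ALLOCS[i].0.load(Ordering::SeqCst) as *const u8;
        let len = ALLOCS[i].1.load(Ordering::SeqCst);
        if p.is_null() || len < needle.len() { continue; }
        let block = unsafe { std::slice::from_raw_parts(p, len) };
        if block.windows(needle.len()).any(|w| w == needle) { hits.push(i); }
    }
    hits
}

/// Hypothetical offender: copies the secret into a plain String and drops it
/// without zeroing, which the leak-only allocator makes visible afterwards.
pub fn leaky_path(secret: &[u8]) {
    drop(String::from_utf8_lossy(secret).into_owned());
}
```

Matching a hit's sequence number against an allocation log written the way the post describes identifies the call site; the secret bytes in the test below are constructed.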

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.