oranenj
commented
3 years ago Fixed a clippy complaint and a formatting error. Should be good now. (EDIT: of course it wasn't. Fixed another formatting error, but now it's rustfmt-compliant.)
Closed oranenj closed 3 years ago
oranenj
commented
3 years ago Fixed a clippy complaint and a formatting error. Should be good now. (EDIT: of course it wasn't. Fixed another formatting error, but now it's rustfmt-compliant.)
doy
commented
3 years ago sounds pretty reasonable, thanks!
This offers some protection against other user processes attempting to read rbw-agent's memory. Unfortunately, I don't have other platforms to test on, so the implementation is only for Linux.
I haven't actually looked into how easy it would be to extract sensitive data from the memory dumps, but I can see no downside to disallowing it.
With this patch,
gdb -p $(pidof rbw-agent)results inptrace: Operation not permitted. This is similar to what eg.ssh-agentdoes, though I think it goes a few steps further and periodically scrambles its stored keys while it's not in use. Since rbw-agent can be locked on a timeout and it cleans up its memory, it's probably not necessary to go that far.