From 68bba2d174a8cc6d50f19509fb64388de7ea5b0c Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 22 Mar 2014 23:03:15 +0000 Subject: Limitations --- docs/index.rst | 1 + docs/limitations.rst | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 docs/limitations.rst (limited to 'docs') diff --git a/docs/index.rst b/docs/index.rst index a25f4470..58424bfc 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -85,6 +85,7 @@ The ``cryptography`` open source project installation development/index security + limitations api-stability doing-a-release changelog diff --git a/docs/limitations.rst b/docs/limitations.rst new file mode 100644 index 00000000..423a55b9 --- /dev/null +++ b/docs/limitations.rst @@ -0,0 +1,16 @@ +Known security limitations +-------------------------- + +Lack of secure memory wiping +============================ + +`Memory wiping`_ is used to protect secret data or key material from attackers +with access to uninitialized memory. This can be either because the attacker +has some kind of local user access or because of other softwares use of +uninitialized memory. + +Python exposes no API for us to implement this reliably and as such most +software in Python is vulnerable to this attack. However we do not currently +believe this to be particularly high risk issue for most users. + +.. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx -- cgit v1.2.3 From 1977a605c5ac83dce0e717ca37f99eab48b73ada Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 22 Mar 2014 23:50:52 +0000 Subject: Rephrase to keep the spell checker happy --- docs/limitations.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/limitations.rst b/docs/limitations.rst index 423a55b9..3b6cce2a 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst 
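Review bot: in the hunk that creates docs/limitations.rst the threat is described as attackers "with access to uninitialized memory", which is not what wiping defends against: the risk is that freed memory still holding key bytes is handed to a later allocation (in this process or, via swap or a core dump, outside it) and read there. Suggest rewording the first paragraph to "attackers who can read memory after it has been freed but not overwritten" and dropping "uninitialized" from both sentences. "because of other softwares use of" also needs a possessive ("other software's use of"). Finally, "Python exposes no API for us to implement this reliably" would be self-explanatory with a one-line reason, e.g. that Python's bytes and str objects are immutable and copied freely, so the library has no handle on every copy to overwrite.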
@@ -6,7 +6,7 @@ Lack of secure memory wiping `Memory wiping`_ is used to protect secret data or key material from attackers with access to uninitialized memory. This can be either because the attacker -has some kind of local user access or because of other softwares use of +has some kind of local user access or because of how other software uses uninitialized memory. Python exposes no API for us to implement this reliably and as such most -- cgit v1.2.3 From da4e0fa7a3dd53d3b81b655d0a3c0078063ab320 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Mon, 24 Mar 2014 10:03:26 +0000 Subject: Add citation for being a low risk issue --- docs/limitations.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/limitations.rst b/docs/limitations.rst index 3b6cce2a..3028e7c8 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -10,7 +10,10 @@ has some kind of local user access or because of how other software uses uninitialized memory. Python exposes no API for us to implement this reliably and as such most -software in Python is vulnerable to this attack. However we do not currently -believe this to be particularly high risk issue for most users. +software in Python is vulnerable to this attack. However the +`CERT secure coding guidelines`_ categorise this issue as "low severity, +unlikely, expensive to repair" and we do not consider this a high risk for most +users. .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx +.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources -- cgit v1.2.3 From cfe1c0b8962a268c62ae6289ee35bffe134080bd Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Mon, 24 Mar 2014 11:21:08 +0000 Subject: Rephrase to avoid american english failure --- docs/limitations.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') 
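Review bot: the phrase "low severity, unlikely, expensive to repair" in the CERT citation hunk is presented in quotation marks, so it should be checked word for word against the risk assessment on the linked MEM03-C page before merging; if the page expresses this as separate severity, likelihood and remediation-cost fields, paraphrase rather than quote. The target is a Confluence URL that is likely to move, so name the rule in the text ("CERT rule MEM03-C") so the reference still means something if the link dies. "categorise" will trip whichever spell-check dictionary is active; "rates this issue as" sidesteps the British/American spelling problem.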
diff --git a/docs/limitations.rst b/docs/limitations.rst index 3028e7c8..7df4f810 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -11,7 +11,7 @@ uninitialized memory. Python exposes no API for us to implement this reliably and as such most software in Python is vulnerable to this attack. However the -`CERT secure coding guidelines`_ categorise this issue as "low severity, +`CERT secure coding guidelines`_ consider this issue as "low severity, unlikely, expensive to repair" and we do not consider this a high risk for most users. -- cgit v1.2.3 From a108ac6ce647112bd941657b5c7fe6a2c8ae3c36 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Tue, 25 Mar 2014 10:03:58 +0000 Subject: "potentially vulnerable" --- docs/limitations.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/limitations.rst b/docs/limitations.rst index 7df4f810..5b63ef54 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -9,8 +9,8 @@ with access to uninitialized memory. This can be either because the attacker has some kind of local user access or because of how other software uses uninitialized memory. -Python exposes no API for us to implement this reliably and as such most -software in Python is vulnerable to this attack. However the +Python exposes no API for us to implement this reliably and as such almost all +software in Python is potentially vulnerable to this attack. However the `CERT secure coding guidelines`_ consider this issue as "low severity, unlikely, expensive to repair" and we do not consider this a high risk for most users. -- cgit v1.2.3
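Review bot: in the "consider this issue as" hunk, "consider this issue as "low severity, ..."" is ungrammatical and leaves "consider" doing double duty in one sentence ("... and we do not consider this a high risk"); suggest "rate this issue as" or "classify this issue as". In the "potentially vulnerable" hunk, "almost all software in Python is potentially vulnerable" is fine as a general statement, but since this page is about this library it would help callers to state the concrete consequence: cryptography does not wipe key material from memory, and callers should not rely on it doing so.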