Runtime: Add protection to SecureString on Unix

Created on 11 Apr 2015  路  9Comments  路  Source: dotnet/runtime

We have a "working" implementation of SecureString on Unix, meaning that it'll run and provide the consumers with the expected inputs/outputs, but it doesn't actually encrypt any data in memory. We should investigate adding that. The implementation today does make other attempts at keeping the data confidential, such as using mlock to lock the pages in memory and using mprotect to remove read/write permissions from the pages.

api-approved os-linux up-for-grabs
Source
picture stephentoub

Most helpful comment

@Flavien we recently added SecureString back to ease back-compat. It lives in it's own assembly now: https://github.com/dotnet/corefx/tree/master/src/System.Security.SecureString.

picture ianhays on 21 Jul 2016
👍3

All 9 comments

We recently made the decision to leave SecureString without encryption on Unix, yes?

ianhays picture ianhays on 29 Jul 2015

I don't believe that's been decided. @weshaggard?

stephentoub picture stephentoub on 29 Jul 2015

https://github.com/dotnet/apireviews/tree/master/2015-07-14-securestring says SecureString should probably not be exposed in .NET Core

akoeplinger picture akoeplinger on 29 Jul 2015

We are still working through the details but I believe we are landing in a place where we will be removing support for SecureString in .NET Core.

weshaggard picture weshaggard on 29 Jul 2015
👎5

Closing this since dotnet/corefx#3536 removes System.Security.SecureString from .NetCore

pallavit picture pallavit on 30 Sep 2015

Will .NET Core have an alternative to SecureString?

Flavien picture Flavien on 21 Jul 2016

@Flavien we recently added SecureString back to ease back-compat. It lives in it's own assembly now: https://github.com/dotnet/corefx/tree/master/src/System.Security.SecureString.

ianhays picture ianhays on 21 Jul 2016
👍3

@ianhays Does the aforementioned SecureString implementation perform encryption on the target in Unix, as originally suggested? I assume not but, frankly, I don't understand why this would be deprecated or moved into its own assembly at all. SecureString is a security-critical API and there is no alternative that I'm aware of.

adamjstone picture adamjstone on 6 Jan 2017
👍1

@adamjstone the Unix implementation is here and explains what it does
https://github.com/dotnet/coreclr/blob/e74cdcb1ed6021eaf03eea5ee7f6ba3c6b403daf/src/mscorlib/corefx/System/Security/SecureString.Unix.cs

There was some older discussion here.
https://github.com/dotnet/corefx/pull/1388

danmosemsft picture danmosemsft on 6 Jan 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jamesqo picture jamesqo  路  3Comments
jkotas picture jkotas  路  3Comments
omajid picture omajid  路  3Comments
yahorsi picture yahorsi  路  3Comments
btecu picture btecu  路  3Comments