• Bug#1101318: ITP: golang-github-awnumar-memguard -- Secure software enc

    From Simon Josefsson@21:1/5 to All on Tue Mar 25 15:30:01 2025
    XPost: linux.debian.devel

    Package: wnpp
    Severity: wishlist
    Owner: Simon Josefsson <simon@josefsson.org>

    * Package name    : golang-github-awnumar-memguard
      Version         : 0.22.5-1
      Upstream Author : Awn
    * URL             : https://github.com/awnumar/memguard
    * License         : Apache-2.0
      Programming Lang: Go
      Description     : Secure software enclave for storage of sensitive information in memory.

    This package attempts to reduce the likelihood of sensitive data being
    exposed when in memory. It aims to support all major operating systems
    and is written in pure Go.
    .
    Features
    .
    * Sensitive data is encrypted and authenticated in memory with
    XSalsa20Poly1305. The scheme
    (https://spacetime.dev/encrypting-secrets-in-memory) used also defends
    against cold-boot attacks
    (https://spacetime.dev/memory-retention-attacks).
    * Memory allocation bypasses the language runtime by using system calls
    (https://github.com/awnumar/memcall) to query the kernel for resources
    directly. This avoids interference from the garbage-collector.
    * Buffers that store plaintext data are fortified with guard pages and
    canary values to detect spurious accesses and overflows.
    * Effort is taken to prevent sensitive data from touching the disk.
    This includes locking memory to prevent swapping and handling core
    dumps.
    * Kernel-level immutability is implemented so that attempted
    modification of protected regions results in an access violation.
    * Multiple endpoints provide session purging and safe termination
    capabilities as well as signal handling to prevent remnant data being
    left behind.
    * Side-channel attacks are mitigated against by making sure that the
    copying and comparison of data is done in constant-time.

    https://salsa.debian.org/go-team/packages/golang-github-awnumar-memguard
    https://salsa.debian.org/jas/golang-github-awnumar-memcall/-/pipelines

    /Simon

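The guard-page, canary and memory-locking features listed in the package description above can be illustrated with Go's standard `syscall` package. This is an added example, not part of the original post and not memguard's implementation or API. The names `Guarded`, `NewGuarded` and `Destroy` are hypothetical, a Unix-like kernel is assumed, and `size` is assumed non-negative.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"syscall"
)

// Guarded (hypothetical type): kernel-allocated [guard page][canary|Data][guard page].
type Guarded struct{ region, inner, canary, ref, Data []byte }

func NewGuarded(size int) (*Guarded, error) {
	ps := syscall.Getpagesize()
	n := (size/ps + 1) * ps // whole pages, always leaving room for a canary
	region, err := syscall.Mmap(-1, 0, n+2*ps, syscall.PROT_NONE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	g := &Guarded{region: region, inner: region[ps : ps+n], ref: make([]byte, n-size)}
	if err := syscall.Mprotect(g.inner, syscall.PROT_READ|syscall.PROT_WRITE); err != nil {
		syscall.Munmap(region)
		return nil, err
	}
	_ = syscall.Mlock(g.inner) // keep pages out of swap; best effort in this example
	g.canary, g.Data = g.inner[:n-size], g.inner[n-size:] // Data ends at the trailing guard
	rand.Read(g.ref)
	copy(g.canary, g.ref)
	return g, nil
}

// Destroy checks the canary in constant time, wipes the pages and unmaps them.
func (g *Guarded) Destroy() error {
	intact := subtle.ConstantTimeCompare(g.canary, g.ref) == 1
	for i := range g.inner {
		g.inner[i] = 0
	}
	if err := syscall.Munmap(g.region); err != nil || intact {
		return err
	}
	return fmt.Errorf("canary modified: write before the start of Data")
}

func main() {
	g, err := NewGuarded(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("canary bytes:", len(g.canary), "destroy:", g.Destroy())
}
```

A write one byte past `Data` lands on the trailing `PROT_NONE` page and faults immediately, while a write before `Data` alters the canary and is reported by `Destroy`.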