Security

Note	The page is Work In Progress

This page documents security aspects of Nim and best practices.

Security features in the language:

No pointer arithmetic
Taint mode
The Effect system can be used for security
Nim attempts to generate C code that does not rely on unsecure function/patterns (e.g. unchecked strcpy)
The language encourage using immutable and const values
Type conversions are memory-safe
Low-level memory access allows mlock (TODO: add example) and memory wipe (TODO: add example)
Memory regions TODO

Compiling with GCC on Linux

Nim attempts to generate C code that does not rely on unsecure function/patterns. As such, some of the options listed below might be less useful than when building pure-C applications.

All the following options enabled together:

--passC:"-fPIE -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -O1 -fstack-protector-all" --passL:"-fPIE -pie -z relro -z now"

Same entries for nim.cfg:

gcc.options.always = "-w -D_FORTIFY_SOURCE=2 -O1 -Wformat -Wformat-security -fPIE -fstack-protector-all"
gcc.options.linker = "-ldl -fPIE -pie -z relro -z now"

Stack protector

Terminate execution when the stack is being overwritten

nim c --passC:"-fstack-protector-all"

Protect againt fixed-size buffer overflow

nim c --passC:"-D_FORTIFY_SOURCE=2 -O1"

Warn on unsecure prinf usage

nim c --passC:"-Wformat -Wformat-security"

Position independent executable

Enable ASLR

nim c --passC:"-fPIE" --passL:"-fPIE -pie"

Full RELRO

Resolve dynamic symbols at startup and flag the GOT as read-only.

nim c --passL:"-z relro -z now"

Resources

https://wiki.debian.org/Hardening