-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Security
|
Note
|
The page is Work In Progress |
This page documents security aspects of Nim and best practices.
Security features in the language:
-
No pointer arithmetic
-
The Effect system can be used for security
-
Nim attempts to generate C code that does not rely on unsecure function/patterns (e.g. unchecked strcpy)
-
The language encourage using immutable and const values
-
Type conversions are memory-safe
-
Low-level memory access allows mlock (TODO: add example) and memory wipe (TODO: add example)
-
Memory regions TODO
Nim attempts to generate C code that does not rely on unsecure function/patterns. As such, some of the options listed below might be less useful than when building pure-C applications.
All the following options enabled together:
--passC:"-fPIE -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -O1 -fstack-protector-all" --passL:"-fPIE -pie -z relro -z now"Same entries for nim.cfg:
gcc.options.always = "-w -D_FORTIFY_SOURCE=2 -O1 -Wformat -Wformat-security -fPIE -fstack-protector-all"
gcc.options.linker = "-ldl -fPIE -pie -z relro -z now"Terminate execution when the stack is being overwritten
nim c --passC:"-fstack-protector-all"Intro
Getting Started
- Install
- Docs
- Curated Packages
- Editor Support
- Unofficial FAQ
- Nim for C programmers
- Nim for Python programmers
- Nim for TypeScript programmers
- Nim for D programmers
- Nim for Java programmers
- Nim for Haskell programmers
Developing
- Build
- Contribute
- Creating a release
- Compiler module reference
- Consts defined by the compiler
- Debugging the compiler
- GitHub Actions/Travis CI/Circle CI/Appveyor
- GitLab CI setup
- Standard library and the JavaScript backend
Misc