EnricoMi opened a new pull request, #46017: URL: https://github.com/apache/arrow/pull/46017
### Rationale for this change Arrow deals with secrets like encryption / decryption keys which must be kept private. One way of leaking such secrets is through memory allocation where another process allocates memory that previously hold the secret, because that memory was not cleared before being freed. ### What changes are included in this PR? Uses various implementations of securely clearing memory, notably - `SecureZeroMemory`(Windows) - `memset_s`(STDC) - `OPENSSL_cleanse` (OpenSSL >= 3) - `explicit_bzero`(glibc 2.25+) - `memset_v` (fallback). ### Are these changes tested? Unit tests. ### Are there any user-facing changes? APIs that hand over secrets to Arrow require the secret to be encapsulated in a `SecureString`. **This PR includes breaking changes to public APIs.** TODO: - collect list of affected APIs - provide instructions for migration - deprecate string-based methods - make `SecureString` available to Python API - make sure all paths are tested (test all compile directives) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
