c - Protecting heap data when a program is halted -

suppose have program decrypts file , stores decrypted contents on heap. want protect information other (non-root) processes running on same system, before call free() release heap allocation, i'm using memset() overwrite data , make unavailable next process uses same physical memory. (i understand isn't concern on systems, prefer err on side of safety.)

however, i'm not sure in cases program doesn't terminate normally, either through forced termination (sigint, sigterm, etc.) or due error condition (sigsegv, sigbus, etc.). should trap many signals possible clear heap before exiting, or there more orderly way of doing things?

an operating system leaks contents of memory between processes (especially different privileges) broken security point of view doing won't change anything. since on operating systems memory pages write can @ point taken away you, swapped out , given else. can safely don't need worry normal termination unless you're on operating system specialized doesn't have leak memory to. also, there ways kill process without having ability catch killing signal, couldn't handle cases anyway.

when comes abnormal termination (sigsegv, etc.) best bet either disable dumping cores or @ least make sure core dumps readable you. should main worry, physical memory won't leak, core dumps readable else.

that being said, it's still practice wipe secrets memory don't need them anymore. not because can leak others through normal operation, because can't, because can leak out through bugs. might have exploitable bug, maybe stray pointer you'll write log, maybe you'll leave key on stack , forget initialize data, etc. main worry shouldn't wipe out secrets memory before exit, identify point in code don't need secret anymore , wipe right , there.

unfortunately, using memset mentioned not enough. many compilers today smart enough understand of calls memset dead stores , optimize them away (like memset of stack buffer before leaving function or before free). see this issue in libressl discussion it, , this implementation of explicit_bzero best known attempt work around on clang , gcc.