On 16/01/2020 10:30, Evgeniy Berdnikov via Exim-users wrote:
> However, the assumption that malloc() and its derivative functions use
> only sbrk(2) is too optimistic. :-) And it is definitely wrong for
> glibc-based implementations, including Linux, where "man malloc" says:
>
>   Normally, malloc() allocates memory from the heap, and adjusts the size
>   of the heap as required, using sbrk(2). When allocating blocks of memory
>   larger than MMAP_THRESHOLD bytes, the glibc malloc() implementation
>   allocates the memory as a private anonymous mapping using mmap(2).

Thanks for the reference.

> Maybe some variation of this approach has chances to survive, say,
> special pools with "untainted" strings and special functions to put
> a string to such pool after all checks (other strings should be
> considered as "tainted").

Oddly enough, that is exactly what is implemented for the "slow"
version of taint-tracking.
-- 
Cheers,
  Jeremy
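
The pool idea discussed in the message above, as an added C sketch (not part of the original thread and not Exim's code): taint is decided by whether a pointer lies inside one dedicated arena, so the answer does not depend on whether malloc() obtained its memory via sbrk(2) or mmap(2). The names `untainted_pool`, `is_tainted`, `untaint_copy`, `check_safe_token` and the accepted character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sketch: every untainted string lives in this one arena. */
#define POOL_SIZE 4096
static char untainted_pool[POOL_SIZE];
static size_t pool_used;

/* Fail closed: any address outside the arena counts as tainted, whether it
 * came from the sbrk heap, an mmap'd block, the stack or static data. */
int is_tainted(const void *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)untainted_pool;
    return a < lo || a >= lo + POOL_SIZE;
}

/* Example check (assumption): non-empty, only [A-Za-z0-9._-]. */
int check_safe_token(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._-", *s)) return 0;
    return 1;
}

/* The only way into the pool: copy a string after it passes the check.
 * Returns NULL if the check fails or the pool is exhausted. */
const char *untaint_copy(const char *s)
{
    size_t n;
    if (s == NULL || !check_safe_token(s)) return NULL;
    n = strlen(s) + 1;
    if (n > POOL_SIZE - pool_used) return NULL;
    memcpy(untainted_pool + pool_used, s, n);
    pool_used += n;
    return untainted_pool + pool_used - n;
}

int main(void)
{
    char *big = malloc(1 << 20);   /* above glibc's default MMAP_THRESHOLD */
    const char *clean = untaint_copy("spool-01.db");   /* constructed input */
    printf("large malloc tainted=%d, checked copy tainted=%d\n",
           is_tainted(big), clean ? is_tainted(clean) : -1);
    free(big);
    return 0;
}
```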
