Igor Podlesny <[email protected]> wrote:
> On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <[email protected]> wrote:
> >
> > You didn't check the manpage.
>
> you didn't think it over.
> https://www.mail-archive.com/[email protected]/msg167012.html

No, you didn't think it through at all.

You are expecting the malloc settings to provide security guarantees. They do not. They detect corruption. That is not the same as a security guarantee.

Then you wish to use this inside a chroot jail, and make it tighter. Fine.

Next you argue but what if the program inside the jail adjusts its environment. Well then all bets are off. Why would that program modify its environment variable only, rather than just doing anything else it wants to do? Why would it restrict itself to adjusting this specific environment variable only, and why would you consider that to impact security?

The malloc configuration was moved to a sysctl to make it compatible with pledge+unveil. It has tightened the security in many programs. The change has weakened security in your configurations because you designed them wrong.

Finally Igor you are being a jerk. Cut it out.

