Igor Podlesny <open...@poige.ru> wrote:

> On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <anth...@anjbe.name> wrote:
> >
> > You didn't check the manpage.
> you didn't think it over.
> https://www.mail-archive.com/misc@openbsd.org/msg167012.html

No, you didn't think it through at all.

You are expecting the malloc settings to provide security gaurantees.
They do not.  They detect corruption.  That is not the same as
a security gaurantee.

Then you wish to use this inside a chroot jail, and make it tighter.


Next you argue but what if the program inside the jail adjusts
it's environment.  Well then all bets are off.  Why would that
program modify it's environment variable only, rather than just
doing anything else it wants to do?

Why would it restrict itself to adjusting this specific environment
variable only, and why would you consider that to impact security?

The malloc configuration was moved to a sysctl to make it compatible
with pledge+unveil.  It has tightened the security in many programs.

The change has weakened security in your configurations because
you designed them wrong.

Finally Igor you are being a jerk.  Cut it out.

Reply via email to