On Fri, Apr 26, 2019 at 11:46:17PM -0600, Theo de Raadt wrote:
> Igor Podlesny <open...@poige.ru> wrote:
>
> > On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <anth...@anjbe.name> wrote:
> > >
> > > You didn't check the manpage.
> >
> > you didn't think it over.
> > https://www.mail-archive.com/misc@openbsd.org/msg167012.html
>
> No, you didn't think it through at all.
>
> You are expecting the malloc settings to provide security guarantees.
> They do not. They detect corruption. That is not the same as
> a security guarantee.
>
> Then you wish to use this inside a chroot jail, and make it tighter.
>
> Fine.
>
> Next you argue but what if the program inside the jail adjusts
> its environment. Well then all bets are off. Why would that
> program modify its environment variable only, rather than just
> doing anything else it wants to do?
>
> Why would it restrict itself to adjusting this specific environment
> variable only, and why would you consider that to impact security?
>
>
> The malloc configuration was moved to a sysctl to make it compatible
> with pledge+unveil. It has tightened the security in many programs.
>
> The change has weakened security in your configurations because
> you designed them wrong.

Additionally, in many cases using a symlink has unclear effects, since it
is hard to determine if the first malloc call (malloc inits itself on
first use) happens before or after the chroot call. I would argue that in
many cases people were thinking they had per-chroot settings, while
actually they had not.

	-Otto

>
> Finally Igor you are being a jerk. Cut it out.
>