Re: libc malloc poison

2013-07-05 Thread Otto Moerbeek
On Thu, Jul 04, 2013 at 05:24:20PM +0200, Mark Kettenis wrote: From: Theo de Raadt dera...@cvs.openbsd.org Date: Thu, 04 Jul 2013 09:04:54 -0600 I suspect the best approach would be a hybrid value. The upper half of the address should try to land in an unmapped zone, or into the zero

Re: libc malloc poison

2013-07-05 Thread Henri Kemppainen
On Thu, Jul 04, 2013 at 05:24:20PM +0200, Mark Kettenis wrote: From: Theo de Raadt dera...@cvs.openbsd.org Date: Thu, 04 Jul 2013 09:04:54 -0600 I suspect the best approach would be a hybrid value. The upper half of the address should try to land in an unmapped zone, or into the

Re: libc malloc poison

2013-07-04 Thread Theo de Raadt
On Wed, Jul 03, 2013 at 17:21, Theo de Raadt wrote: + int pval = 0xd0d0caca; Can you explain the choice of this? I thought it sounded clever. Ok, because there's more to the picture. Inside the kernel, we tend to use 0xdeadbeef, or the DEADBEEF0/DEADBEEF1 values. Reason for the

Re: libc malloc poison

2013-07-04 Thread Mark Kettenis
From: Theo de Raadt dera...@cvs.openbsd.org Date: Thu, 04 Jul 2013 09:04:54 -0600 I suspect the best approach would be a hybrid value. The upper half of the address should try to land in an unmapped zone, or into the zero page, or into some address space hole, or into super high memory

Re: libc malloc poison

2013-07-04 Thread Theo de Raadt
From: Theo de Raadt dera...@cvs.openbsd.org Date: Thu, 04 Jul 2013 09:04:54 -0600 I suspect the best approach would be a hybrid value. The upper half of the address should try to land in an unmapped zone, or into the zero page, or into some address space hole, or into super high

libc malloc poison

2013-07-03 Thread Ted Unangst
change the junking to be word size. maybe later we can also change the values to be random or something. Index: stdlib/malloc.c === RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v retrieving revision 1.149 diff -u -p -r1.149 malloc.c

Re: libc malloc poison

2013-07-03 Thread Theo de Raadt
+ int pval = 0xd0d0caca; Can you explain the choice of this? There are arguments to make this MI; other arguments to make it MD; and other arguments to introduce a bit of randomness. I'd like to know which arguments you have
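
Review bot: in the quoted line `+ int pval = 0xd0d0caca;` the constant is larger than 0x7fffffff, so it does not fit in a signed 32-bit int and the initialisation depends on an implementation-defined conversion that leaves pval negative. Declaring the pattern with an unsigned type (for example `uint32_t pval = 0xd0d0caca;`) keeps the bit pattern explicit. Since the commit message describes the junking as word size, it is also worth checking that a 32-bit pattern is what is intended on platforms where pointers are 64 bits wide, and adding a comment next to the declaration that records why this value was chosen.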

Re: libc malloc poison

2013-07-03 Thread Ted Unangst
On Wed, Jul 03, 2013 at 17:21, Theo de Raadt wrote: + int pval = 0xd0d0caca; Can you explain the choice of this? I thought it sounded clever. There are arguments to make this MI; other arguments to make it MD; and other arguments to introduce a bit of randomness. I'd like to know