CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2008/12/29 15:25:50
Modified files:
lib/libc/stdlib: malloc.3 malloc.c
Log message:
extra paranoia for malloc(3):
Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off malloc protections (e.g. use-after-free)
Allocate the main bookkeeping data (struct dir_info) using mmap(),
thereby giving it an unpredictable address. Place a PROT_NONE guard
page on either side to further frustrate attacks on it.
Add a new 'L' option that maps struct dir_info PROT_NONE except when
in the allocator code itself. Makes attacks on it basically impossible.
feedback tedu deraadt otto canacar
ok otto
