A nice security property of 0xdf filling is that a use-after-free of a pointer is guaranteed to fault in a typical environment since it ends up pointing outside userspace (I assume that's the case on OpenBSD). A heap spray could potentially allow exploiting a random pointer. Perhaps it would be better if only the byte range guaranteeing faults for pointers was used? Less random, but strictly better than the current situation rather than losing a nice guarantee.
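The trade-off raised above, as an added example that is not part of the original post or of OpenBSD's malloc: it counts how many 8-byte windows of a junk-filled buffer would decode to a userspace address, comparing 0xdf fill, random junk restricted to high bytes, and a byte pattern that unrestricted random junk could emit. The 47-bit userland limit (amd64-style), the `rand()` stand-in for the allocator's RNG, and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: 64-bit target whose userland occupies [0, USER_TOP). */
#define USER_TOP 0x0000800000000000ULL

/* A stale pointer read back from junk faults if it is outside userspace. */
static int outside_userspace(uint64_t p) { return p >= USER_TOP; }

/* Fill buf with pseudo-random junk restricted to [lo, 0xff].
 * rand() is a stand-in for the allocator's real random source. */
static void junk_fill(unsigned char *buf, size_t n, unsigned lo, unsigned seed)
{
    srand(seed);
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)(lo + (unsigned)rand() % (0x100 - lo));
}

/* Count 8-byte windows, at every byte offset so unaligned reads are
 * covered too, whose value would be an address inside userspace. */
static size_t mappable_pointers(const unsigned char *buf, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i + 8 <= n; i++) {
        uint64_t p;
        memcpy(&p, buf + i, sizeof p);
        if (!outside_userspace(p))
            hits++;
    }
    return hits;
}

int main(void)
{
    unsigned char buf[4096];
    /* Constructed sample: bytes that unrestricted random junk may emit. */
    unsigned char unlucky[8] = {0x00, 0x00, 0x40, 0x00, 0x00, 0x40, 0x00, 0x00};

    memset(buf, 0xdf, sizeof buf);
    printf("0xdf fill:        %zu\n", mappable_pointers(buf, sizeof buf));
    junk_fill(buf, sizeof buf, 0x80, 1);
    printf("random 0x80-0xff: %zu\n", mappable_pointers(buf, sizeof buf));
    printf("unlucky bytes:    %zu\n", mappable_pointers(unlucky, sizeof unlucky));
    return 0;
}
```

With every byte at or above 0x80 the top byte of any window has its high bit set, so no window can land below `USER_TOP` whatever the seed or alignment.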