Contributed by Janne Johansson on from the can-we-softctl-or-syslink-it dept.
We are moving away from the /etc/malloc.conf symbolic link to a new sysctl:

    $ sysctl vm.malloc_conf
    vm.malloc_conf=C

This will allow unveiled and chrooted processes to access the malloc options without having to do anything special in the code or chroot dir.
He continued the heads up with:
As I often get this question: for some extra protection, use C or CF, accept some performance impact.
The other two ways to change malloc(3) behaviour are still left, either setting the environment variable MALLOC_OPTIONS before starting the program or adding a static string named "malloc_options" in your source code.
For development, bug hunting and/or extra security use S, with more performance impact.
Note that with default options, malloc already has quite some protection features.
Upcoming snapshots will contain this.
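
A dry-run helper for the migration described above, added here as an example (it is not part of the original post or of OpenBSD's own tooling): it reads the option string from the old symlink's target and compares it with any vm.malloc_conf line in a sysctl.conf-style file. The function names, return codes and the character sanity check are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The legacy mechanism stored the malloc option string as the
# *target name* of the /etc/malloc.conf symlink; the sysctl takes the same string.

# malloc_conf_from_symlink LINK
# Prints "vm.malloc_conf=<options>". Returns 1 if LINK is not a symlink,
# 2 if its target does not look like an option string.
malloc_conf_from_symlink() {
    link=$1
    [ -L "$link" ] || { echo "$link: not a symbolic link" >&2; return 1; }
    opts=$(readlink "$link") || return 1
    # Assumption: conservative check, options are letters, digits, '<' and '>'.
    # Anything else (a path, whitespace) means the link is not an option string.
    case $opts in
        ''|*[!A-Za-z0-9\<\>]*)
            echo "$link: target '$opts' is not an option string" >&2
            return 2 ;;
    esac
    printf 'vm.malloc_conf=%s\n' "$opts"
}

# plan_migration LINK CONF
# Reports what to do with CONF (e.g. /etc/sysctl.conf) without modifying it.
# Returns 3 when CONF already sets a different value.
plan_migration() {
    want=$(malloc_conf_from_symlink "$1") || return $?
    have=$(grep -E '^[[:space:]]*vm\.malloc_conf[[:space:]]*=' "$2" 2>/dev/null |
        tail -n 1 | tr -d '[:space:]')
    if [ -z "$have" ]; then
        echo "append: $want"
    elif [ "$have" = "$want" ]; then
        echo "ok: $2 already has $want"
    else
        echo "conflict: $2 has $have, symlink gives $want"
        return 3
    fi
}

# Usage: sh thisfile /etc/malloc.conf /etc/sysctl.conf
if [ "$#" -eq 2 ]; then
    plan_migration "$1" "$2"
fi
```
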
By Renaud Allard (renaud) firstname.lastname@example.org on
Good idea. In fact, one has to wonder why this hasn't been done before, as this is quite a bit clearer than the malloc.conf symlink, which many people didn't understand how to configure (although clearly documented).