Contributed by Janne Johansson on from the can-we-softctl-or-syslink-it dept.
We are moving away from the /etc/malloc.conf symbolic link to a new sysctl:$ sysctl vm.malloc_conf vm.malloc_conf=C
This will allow unveiled and chrooted processes to access the malloc options without having to do anything special in the code or chroot dir.
He continued the heads up with:
As I often get this question: for some extra protection, use C or CF, accept some performance impact.The other two ways to change malloc(3) behaviour are still left, either setting the environment variable MALLOC_OPTIONS before starting the program or adding a static string named "malloc_options" in your source code.
For development, bug hunting and/or extra security use S, with more performance impact.
Note that with default options, malloc already has quite some protection features.
Upcoming snapshots will contain this.
(Comments are closed)