Contributed by jose on from the breaking-more-software dept.
CVSROOT: /cvs
Module name: src
Changes by: tedu@cvs.openbsd.org 2003/10/16 11:05:05

Modified files:
lib/libc/stdlib: malloc.3 malloc.c

Log message:
by popular demand, malloc guard pages. insert an unreadable/unwriteable page after each page size allocation to detect overrun. this is somewhat electric fence like, while attempting to be mostly usable in production. also, use tdeval's chunk randomization code. enabled with the G option. ok deraadt and co.

People have been testing this on OpenBSD for a while now and fixing various bugs they found, and a few more may lurk. It's configurable with a new malloc.conf(5) option, as opposed to defaulting to "on." Thanks, Ted, for this checkin.
By Frank Denis () j@pureftpd.org on http://www.skymobile.com/
May it break valid apps or introduce a significant decrease in performance?
Comments
By Anonymous Coward () on
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By tedu () on
By Anthony () on
I'm not sure you could call OpenBSD users with -current standard end users. I can only speak for myself, but a program that's broken is better segfaulting now than being exploitable later.
By Anonymous Coward () on
By Michael () on
The above poster is correct: if this breaks something, then it was already broken.
By Anonymous Coward () on
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By tedu () on
a lot of broken software has already been found, by only a few people testing. defaulting to on would suddenly increase exposure, and it would be a lot of people who perhaps don't understand what happened and would blame openbsd. "mozilla worked before, why'd you break it?" see, it's mozilla that's broken, but that's hard to explain sometimes.
By David Krause () david@openbsd.org on mailto:david@openbsd.org
src: csh, cvs, ksh, libcurses, make, sort, tsort
ports: bison, fetchmail, t1lib
XF4: freetype
Please help us find more. If you don't mind living a little dangerously, install or upgrade to the latest -current and 'ln -s AJFG /etc/malloc.conf'. I'm sure that there are more bugs lurking, especially in the ports tree.
By David Krause () david@openbsd.org on mailto:david@openbsd.org
src: csh, cvs, ksh, libcurses, make, sed, sort, tsort, whois
ports: bison, fetchmail, t1lib
XF4: freetype, xterm
By Pablo Méndez () on
F option? I don't find it in the manpage :(
By Janne Johansson () on