malloc() Guard Pages

Contributed by jose on 2003-10-17 from the breaking-more-software dept.

A new feature has been added to OpenBSD-current, malloc() guard pages. These can help you debug software and also add some measure of security. From the commit log:

CVSROOT:      /cvs
Module name:  src
Changes by:   tedu@cvs.openbsd.org    2003/10/16 11:05:05

Modified files:
      lib/libc/stdlib: malloc.3 malloc.c
Log message:
by popular demand, malloc guard pages.  insert an unreadable/unwriteable
page after each page size allocation to detect overrun.  this is
somewhat electric fence like, while attempting to be mostly usable in
production.  also, use tdeval's chunk randomization code.
enabled with the G option.
ok deraadt and co.

People have been testing this on OpenBSD for a while now and fixing various bugs they found, and a few more may lurk. It's configurable with a new malloc.conf(5) option, as opposed to defaulting to "on." Thanks, Ted, for this checkin.

(Comments are closed)

Comments

By Frank Denis () j@pureftpd.org on 2003-10-17 16:48 http://www.skymobile.com/

Why not enable this by default ?

May it break valid apps or introduce a significant decrease of performances ?
Comments
1. By Anonymous Coward () on 2003-10-17 17:21
  
  Why not default? This is an awfull hack in place of proper bounds chekking. How could this break something? If this brakes something it was already broken.
  Comments
  1. By Brad () brad at comstyle dot com on 2003-10-18 13:07 mailto:brad at comstyle dot com
    
    Yes technically it was "broken" but not in the sense that it will not run at all or crash durring operation.
  2. By tedu () on 2003-10-18 04:12
    
    yes, it was broken before, but at least it still worked. end users tend to divide software into working and not working, as opposed to a developer's more philosophical broken and not broken categories. :)
    
    Comments
    
    By Anthony () on 2003-10-18 11:04
    
    "end users"
    
    I'm not sure you could call OpenBSD users with -current standard end users. I can only speak for myself, but a program that's broken is better segfaulting now than being exploitable later.
    
    Comments
    
    By Anonymous Coward () on 2003-10-24 15:04
    
    no, but -current becomes the next release. I doubt OpenBSD is willing to change it for -release, then back for -current.
2. By Michael () on 2003-10-17 17:30
  
  It looks like this is a 'beta' kind of thing. If you can risk it, enable it and test it out, report bugs, etc.
  
  The above poster is correct, if this breaks something, then it was already broken.
3. By Anonymous Coward () on 2003-10-17 20:30
  
  Because some shitty software is essential. Try running Mozilla with this...
  Comments
  1. By Brad () brad at comstyle dot com on 2003-10-18 13:05 mailto:brad at comstyle dot com
    
    That just gives more reason to enable it by default so this shit software can be weeded out.
4. By Brad () brad at comstyle dot com on 2003-10-18 13:10 mailto:brad at comstyle dot com
  
  We can only take so much of a performance hit from all of these various features and AFAIK the bugs found from this are not show stoppers.
5. By tedu () on 2003-10-18 04:09
  
  i think performance is acceptable with it. it does waste a fair amount of VM (only actual RAM in some cases). mainly, a make build on sparc64 (which uses large pages and more memory to compile) runs into limit issues. crank before attempting.
  
  a lot of broken software has already been found, by only a few people testing. defaulting to on would suddenly increase exposure, and it would be a lot of people who perhaps don't understand what happened and would blame openbsd. "mozilla worked before, why'd you break it?" see, it's mozilla that's broken, but that's hard to explain sometimes.
By David Krause () david@openbsd.org on 2003-10-17 23:49 mailto:david@openbsd.org

Bugs were found in the following software with the aid of guard pages:

src: csh, cvs, ksh, libcurses, make, sort, tsort
ports: bison, fetchmail, t1lib
XF4: freetype

Please help us find more. If you don't mind living a little dangerously, install or upgrade to the latest -current and 'ln -s AJFG /etc/malloc.conf'. I'm sure that there are more bugs lurking, especially in the ports tree.
Comments
1. By David Krause () david@openbsd.org on 2003-10-18 00:14 mailto:david@openbsd.org
  
  Missed a few:
  
  src: csh, cvs, ksh, libcurses, make, sed, sort, tsort, whois
  ports: bison, fetchmail, t1lib
  XF4: freetype, xterm
2. By Pablo M�ndez () on 2003-10-22 05:00
  
  Hi David:
  
  F option ? I don't find it in manpage :(
By Janne Johansson () on 2003-10-18 04:59

I mean, they actually claim to have whispered code fragments under the door at 5am in the hotel where Theo slept after having a couple of beers with Sir Puffy of Ramsey. The hatemails will surely kill this project now. ;-)

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]