Contributed by ray on from the can't-touch-this dept.
Thanks Damien for the hard work!CVSROOT: /cvs Module name: src Changes by: djm@ 2008/12/29 15:25:50 Modified files: lib/libc/stdlib: malloc.3 malloc.c Log message: extra paranoia for malloc(3): Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto
(Comments are closed)