| author | djm <> | 2012-11-02 18:18:15 +0000 |
|---|---|---|
| committer | djm <> | 2012-11-02 18:18:15 +0000 |
| commit | 64ab00b74d452286d284fbe8ce4781223600253b (patch) | |
| tree | 5ac95b51be61afab38ef830fc97336aacc9973c7 /src/lib/libc/stdlib/malloc.3 | |
| parent | 32d6b9fd8bf5ca2c2be1fa08a2528c8631540b9a (diff) | |
Add a new malloc option 'U' => "Free unmap" that does the guarding/
unmapping of freed allocations without disabling chunk randomisation
like the "Freeguard" ('F') option does. Make security 'S' option
use 'U' and not 'F'.
Rationale: guarding with no chunk randomisation is great for debugging
use-after-free, but chunk randomisation offers better defence against
"heap feng shui" style attacks that depend on carefully constructing a
particular heap layout so we should leave this enabled when requesting
security options.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libc/stdlib/malloc.3 | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index 6a012fd23d..74df922f4b 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3 | |||
| @@ -30,9 +30,9 @@ | |||
| 30 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 30 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | .\" SUCH DAMAGE. | 31 | .\" SUCH DAMAGE. |
| 32 | .\" | 32 | .\" |
| 33 | .\" $OpenBSD: malloc.3,v 1.70 2011/07/22 07:00:44 otto Exp $ | 33 | .\" $OpenBSD: malloc.3,v 1.71 2012/11/02 18:18:15 djm Exp $ |
| 34 | .\" | 34 | .\" |
| 35 | .Dd $Mdocdate: July 22 2011 $ | 35 | .Dd $Mdocdate: November 2 2012 $ |
| 36 | .Dt MALLOC 3 | 36 | .Dt MALLOC 3 |
| 37 | .Os | 37 | .Os |
| 38 | .Sh NAME | 38 | .Sh NAME |
| @@ -231,13 +231,17 @@ This option requires the library to have been compiled with -DMALLOC_STATS in | |||
| 231 | order to have any effect. | 231 | order to have any effect. |
| 232 | .It Cm F | 232 | .It Cm F |
| 233 | .Dq Freeguard . | 233 | .Dq Freeguard . |
| 234 | Enable use after free protection. | 234 | Enable use after free detection. |
| 235 | Unused pages on the freelist are read and write protected to | 235 | Unused pages on the freelist are read and write protected to |
| 236 | cause a segmentation fault upon access. | 236 | cause a segmentation fault upon access. |
| 237 | This will also switch off the delayed freeing of chunks, | 237 | This will also switch off the delayed freeing of chunks, |
| 238 | reducing random behaviour but detecting double | 238 | reducing random behaviour but detecting double |
| 239 | .Fn free | 239 | .Fn free |
| 240 | calls as early as possible. | 240 | calls as early as possible. |
| 241 | This option is intended for debugging rather than improved security | ||
| 242 | (use the | ||
| 243 | .Cm U | ||
| 244 | option for security). | ||
| 241 | .It Cm G | 245 | .It Cm G |
| 242 | .Dq Guard . | 246 | .Dq Guard . |
| 243 | Enable guard pages. | 247 | Enable guard pages. |
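Review bot: the sentence added at new lines 241-244 sends readers to U "for security", but the U entry added later in this patch covers only "larger allocations", so the pointer promises more than U is documented to deliver. Say here what the reader actually trades: F switches off the delayed freeing of chunks to catch double free early, while U keeps that randomisation and guards freed pages. Something like "use the U option, which keeps delayed freeing enabled, for security" would make the distinction visible at the point where the reader is choosing between the two.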
| @@ -275,6 +279,11 @@ This can substantially aid in compacting memory. | |||
| 275 | .\"Consult the source for this one. | 279 | .\"Consult the source for this one. |
| 276 | .It Cm S | 280 | .It Cm S |
| 277 | Enable all options suitable for security auditing. | 281 | Enable all options suitable for security auditing. |
| 282 | .It Cm U | ||
| 283 | .Dq Free unmap . | ||
| 284 | Enable use after free protection for larger allocations. | ||
| 285 | Unused pages on the freelist are read and write protected to | ||
| 286 | cause a segmentation fault upon access. | ||
| 278 | .It Cm X | 287 | .It Cm X |
| 279 | .Dq xmalloc . | 288 | .Dq xmalloc . |
| 280 | Rather than return failure, | 289 | Rather than return failure, |
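Review bot: the new U entry (new lines 282-286) repeats the F text "Unused pages on the freelist are read and write protected to cause a segmentation fault upon access." word for word and never states how U differs from F. The commit message gives the difference (guarding without disabling chunk randomisation), and it should be in the manual page too, for example a closing sentence saying that, unlike F, delayed freeing of chunks stays enabled. "Larger allocations" is also left undefined; state the size boundary or point to where it is defined. Finally, the S entry at new line 281 still reads only "Enable all options suitable for security auditing." even though the commit message says S now uses U rather than F; listing the options S implies would let readers see that change.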
