extra paranoia for malloc(3):

Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto
author: djm <> 2008-12-29 22:25:50 +0000
committer: djm <> 2008-12-29 22:25:50 +0000
commit: c2f9a0271169166b38060ef5e36ef203765e45dd (patch)
tree: 98faf6e6f7899c0929ab660551964d3931213b49 /src/lib/libc/stdlib/malloc.3
parent: 83483f908c4b6c5c812c6388c7929c6f10a8ef28 (diff)
download: openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.tar.gz
openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.tar.bz2
openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index edcd748ed9..2458834302 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.58 2008/11/26 12:06:54 pedro Exp $
+.\"     $OpenBSD: malloc.3,v 1.59 2008/12/29 22:25:50 djm Exp $
 .\"
-.Dd $Mdocdate: November 26 2008 $
+.Dd $Mdocdate: December 29 2008 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
@@ -249,6 +249,13 @@ Currently junk is bytes of 0xd0 when allocating; this is pronounced
 .Dq Duh .
 \&:-)
 Freed chunks are filled with 0xdf.
+.It Cm L
+.Dq Lock .
+Lock critical data structures using
+.Xr mprotect 2
+to protect against modification except by
+.Nm
+and related routines.
 .It Cm P
 .Dq Move allocations within a page.
 Allocations larger than half a page but smaller than a page
author	djm <>	2008-12-29 22:25:50 +0000
committer	djm <>	2008-12-29 22:25:50 +0000
commit	c2f9a0271169166b38060ef5e36ef203765e45dd (patch)
tree	98faf6e6f7899c0929ab660551964d3931213b49 /src/lib/libc/stdlib/malloc.3
parent	83483f908c4b6c5c812c6388c7929c6f10a8ef28 (diff)
download	openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.tar.gz openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.tar.bz2 openbsd-c2f9a0271169166b38060ef5e36ef203765e45dd.zip

diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index edcd748ed9..2458834302 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	.\" SUCH DAMAGE.	31	.\" SUCH DAMAGE.
32	.\"	32	.\"
33	.\" $OpenBSD: malloc.3,v 1.58 2008/11/26 12:06:54 pedro Exp $	33	.\" $OpenBSD: malloc.3,v 1.59 2008/12/29 22:25:50 djm Exp $
34	.\"	34	.\"
35	.Dd $Mdocdate: November 26 2008 $	35	.Dd $Mdocdate: December 29 2008 $
36	.Dt MALLOC 3	36	.Dt MALLOC 3
37	.Os	37	.Os
38	.Sh NAME	38	.Sh NAME
@@ -249,6 +249,13 @@ Currently junk is bytes of 0xd0 when allocating; this is pronounced
249	.Dq Duh .	249	.Dq Duh .
250	\&:-)	250	\&:-)
251	Freed chunks are filled with 0xdf.	251	Freed chunks are filled with 0xdf.
		252	.It Cm L
		253	.Dq Lock .
		254	Lock critical data structures using
		255	.Xr mprotect 2
		256	to protect against modification except by
		257	.Nm
		258	and related routines.
252	.It Cm P	259	.It Cm P
253	.Dq Move allocations within a page.	260	.Dq Move allocations within a page.
254	Allocations larger than half a page but smaller than a page	261	Allocations larger than half a page but smaller than a page