From: guninski at guninski.com (Georgi Guninski)
Subject: Port of FreeBSD heap to Linux

There is a port of the freebsd heap to linux at:
http://www.guninski.com/wares/free10.tar.gz
md5sum free10.tar.gz
c20d5f2d4790fdecc6d1f0005aaa9d2d  free10.tar.gz

The README:

Port of FreeBSD's heap implementation to Linux.

This is a linux port of the heap implementation originally written 
by phk@...eBSD.ORG.

Why: It is considered safer than the linux heap implementation.
Double free bugs do not seem exploitable, some heap overflows also may
not be exploitable.
Of course it *does not* give 100% protection against heap mischief.

Ported to linux by Georgi Guninski guninski@...inski.com

INSTALL
1. make
2. cp mallib.so /usr/local/lib
3. LD_PRELOAD=/usr/local/lib/mallib.so PROGRAM
or export LD_PRELOAD=/usr/local/lib/mallib.so



mallib.so should be readable and executable by all users.

to check if the new heap is loaded:
cat /proc/<pid>/maps
mallib.so should be in the output.

to use the new heap globally:
put in /etc/ld.so.preload
/usr/local/lib/mallib.so


To change the heap options
# cd /etc
# ln -s <options> /etc/malloc.conf

The shared library works with static binaries also.

NOTE:
if you use it globally, start a program after editing /etc/ld.so.preload to 
check whether it works before booting.
If there is a problem, you may need to remove mallib.so from ld.so.preload.

DON'T OVERWRITE mallib.so if it is running globally - box may freeze!

Globally works on debian and redhat.


KNOWN BUGS:

1. memalign() is just a wrapper to malloc() which is not correct.
2. does the mutex stuff work?
3. The only bug I have encountered is an X server and KDE crash on debian.
4. What are the best options for the bsd heap - /etc/malloc.conf

TODO:
1. Make memalign work as expected.

CREDITS
gbr, peio
for testing

-- 
georgi
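
The `/proc/<pid>/maps` check from the README, extended to every process directory under a given root, as an added example that is not part of the original post or tarball. The function names and the sample maps files are constructed for illustration; the `(deleted)` suffix is what Linux appends to a mapping whose file has been unlinked, so a "stale" process is still running a removed copy of the library.

```shell
#!/bin/sh
# Added example: audit which processes have the preloaded heap mapped.
# mallib.so is the library name from the README; all sample data is constructed.

# classify_maps MAPS_FILE LIB -> prints loaded | stale | missing | unreadable
classify_maps() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk -v lib="$2" '
        # maps columns: address perms offset dev inode pathname [(deleted)]
        NF >= 6 {
            n = split($6, part, "/")
            if (part[n] == lib && index($2, "x")) {
                if ($7 == "(deleted)") stale = 1; else loaded = 1
            }
        }
        END { print (loaded ? "loaded" : (stale ? "stale" : "missing")) }
    ' "$1"
}

# audit_procs PROC_ROOT LIB -> prints "<pid> <state>" per process directory
audit_procs() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        printf '%s %s\n' "${d##*/}" "$(classify_maps "$d/maps" "$2")"
    done
}

# make_sample DIR: constructed /proc-like tree with three fake processes
make_sample() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    cat > "$1/101/maps" <<'EOF'
08048000-08052000 r-xp 00000000 03:01 1234 /bin/cat
40016000-4001c000 r-xp 00000000 03:01 5678 /usr/local/lib/mallib.so
4001c000-4001d000 rw-p 00005000 03:01 5678 /usr/local/lib/mallib.so
EOF
    cat > "$1/202/maps" <<'EOF'
08048000-08052000 r-xp 00000000 03:01 1234 /bin/cat
40016000-40140000 r-xp 00000000 03:01 4321 /lib/libc.so.6
EOF
    cat > "$1/303/maps" <<'EOF'
40016000-4001c000 r-xp 00000000 03:01 5678 /usr/local/lib/mallib.so (deleted)
EOF
}

# Demo on the constructed tree; on a real system: audit_procs /proc mallib.so
tmp=$(mktemp -d) && make_sample "$tmp" && audit_procs "$tmp" mallib.so
rm -rf "$tmp"
```

Run as root against the real `/proc` to avoid "unreadable" results for other users' processes.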

