This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Patch to further harden glibc malloc metadata against 1-byte overflows
- From: DJ Delorie <dj at redhat dot com>
- To: Chris Evans <scarybeasts at gmail dot com>
- Cc: libc-alpha at sourceware dot org, fweimer at redhat dot com
- Date: Tue, 21 Mar 2017 19:14:20 -0400
- Subject: Re: Patch to further harden glibc malloc metadata against 1-byte overflows
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=dj at redhat dot com
- Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C63D481233
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C63D481233
Chris Evans <scarybeasts@gmail.com> writes:
> As a follow up question: is there any appetite for any additional
> glibc malloc metadata checks? While studying the code, I noticed a few
> extra checks that could be added here and there. I don't think any of
> them would be as useful as security defenses, but maybe they could
> trap heap corruptions closer to the time they occurred. Any interest?
I'm open to more malloc hardening, sure. Better to fix the holes
*before* they're turned into exploits, as long as performance doesn't
suffer too much.
If you're going to be a regular contributor now, though, we might
consider streamlining the process a bit ;-)