[RFC PATCH 0/3] Improved ASLR

Szabolcs Nagy szabolcs.nagy@arm.com
Mon Nov 23 16:41:13 GMT 2020


The 11/23/2020 18:06, Topi Miettinen via Libc-alpha wrote:
> No comments at all? I see several implementation options here:
> 
> 1. Always use mmap() instead of sbrk(), delete any uses of sbrk()
> 
> I have a hard time thinking why sbrk() would ever be the preferred choice over
> mmap(), especially considering security. There may be some bytes wasted, so

I'm not against using mmap instead of brk in malloc,
but the latter has more overhead, so such a change
should be measured.

> 2. Conditionally use mmap() instead of sbrk()
> 
> Something like `#define USE_SBRK`, enabled by `configure` or a header file.

I think a configure-time option is not a good idea,
but it can be e.g. a runtime tunable.

> I've been using a patched glibc for a month without seeing problems. I
> enabled audit logging for the brk() system call and installed a global
> seccomp filter (in initrd) which returns ENOSYS to catch any uses. So far
> I've only noticed that cpp (used by X11 startup in addition to compiling)
> calls sbrk() to check memory usage. Perhaps it should use official malloc
> statistics interface instead, since malloc() may use mmap() for other
> reasons and then sbrk() won't return true data.

sbrk should continue to work even if glibc itself
does not use it internally; that's public API/ABI.
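The brk-catching seccomp filter Topi describes, written out as an added example (not code from the thread or from glibc): it returns ENOSYS for brk(2) and leaves every other syscall alone, so any remaining sbrk()/brk() caller shows up as a failure while mmap() keeps working. It assumes Linux on x86_64 or aarch64 and installs the filter for the current process only, rather than globally from an initrd as in his setup.

```c
/* Added example (not the filter from the thread): a seccomp-BPF program that
 * makes brk(2) fail with ENOSYS so leftover sbrk()/brk() callers surface as
 * errors while mmap() keeps working. Assumes Linux on x86_64 or aarch64. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this target"
#endif
static const struct sock_filter brk_filter[] = {
    /* Syscall numbers are per-ABI, so kill the process on an unexpected arch. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    /* brk -> fail with ENOSYS; every other syscall -> allow. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_brk, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define BRK_FILTER_LEN (sizeof brk_filter / sizeof brk_filter[0])

/* Install the filter for this process and its children; 0 on success. */
int install_brk_filter(void) {
    struct sock_fprog fprog = { .len = BRK_FILTER_LEN,
                                .filter = (struct sock_filter *)brk_filter };
    /* NO_NEW_PRIVS is required to install a filter without CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Raw brk(0): returns 0 if it succeeded, else the errno it failed with. */
int probe_brk_errno(void) { return syscall(SYS_brk, 0) == -1 ? errno : 0; }

/* mmap() must keep working: it is the path malloc falls back to when brk fails. */
int mmap_still_works(void) {
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p != MAP_FAILED && munmap(p, 4096) == 0;
}
```

After install_brk_filter() succeeds, probe_brk_errno() returns ENOSYS and mmap_still_works() still returns 1; processes that really need brk would instead be found through the audit log, as in the thread.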
