Now, I am trying to figure out the differences or similarities between Scudo and other secure allocators, like 's malloc ( ) or 's malloc or Guarder (usenix.org/system/files/c)
After reading the series of nice tweets from (twitter.com/ebeip90/status), I understood some things but am still learning and still have to read the source code of the above-mentioned secure allocators.
Here, I am just trying to summarize the differences (compared to Scudo); please correct me if I misunderstood:
1. Scudo can't reliably detect invalid free.
2. It lacks fine-grained randomization.
Are there any differences if we try to compare all 3 above-mentioned allocators? 🤔
Scudo detects misaligned deallocations, invalid deallocations, or double deallocations. Allocations are randomized within their size-class regions and based on the underlying OS memory-mapping primitives' randomization.
There's a substantial difference between detecting something reliably with a deterministic mitigation, or with a weak probabilistic one that an attacker can bypass via information leaks or brute force. It's an important distinction. Detection of those things needs to be qualified.
The mmap randomization on Linux is high-entropy base randomization for the mmap as a whole, so leaking a (partial) pointer reveals it. Relative offsets within it also aren't random, and it packs everything together by best fit, so it's not inherently sparse and heap sprays work well.
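The deterministic detection that the tweet above contrasts with probabilistic checks, as an added example that is not from this thread or from Scudo, hardened_malloc or Guarder: a minimal size-class region with one allocation bit per slot, which rejects misaligned, foreign and double frees with certainty because the decision rests on allocator-private state rather than on a value an attacker could leak or guess. The names region_alloc/region_free, the slot geometry and the fixed PRNG seed are my assumptions for the demo.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed teaching model of one size-class region, not Scudo's or
 * hardened_malloc's code: SLOT_COUNT equal slots plus one allocation bit
 * per slot, private to the allocator. That bit is what makes rejecting a
 * misaligned, foreign or double free deterministic, unlike a header
 * canary, which an attacker who leaks or guesses its value can satisfy. */
#define SLOT_SIZE  32
#define SLOT_COUNT 64
enum free_result { FREE_OK, FREE_FOREIGN, FREE_MISALIGNED, FREE_DOUBLE };

static unsigned char region[SLOT_SIZE * SLOT_COUNT];
static uint64_t in_use;             /* bit i set => slot i allocated */
static uint32_t rng = 0x2545F491u;  /* fixed seed: reproducible demo only */

static uint32_t xorshift32(void) {  /* toy PRNG, not a CSPRNG */
    rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
    return rng;
}

/* Randomization within the size class: scan for a free slot starting at a
 * random index, so consecutive allocations need not be adjacent. */
void *region_alloc(void) {
    uint32_t start = xorshift32() % SLOT_COUNT;
    for (uint32_t k = 0; k < SLOT_COUNT; k++) {
        uint32_t i = (start + k) % SLOT_COUNT;
        if (in_use & (1ULL << i)) continue;
        in_use |= 1ULL << i;
        return region + (size_t)i * SLOT_SIZE;
    }
    return NULL;                    /* region exhausted */
}

enum free_result region_free(void *p) {
    uintptr_t base = (uintptr_t)region, addr = (uintptr_t)p;
    if (p == NULL) return FREE_OK;  /* free(NULL) is a no-op */
    if (addr < base || addr >= base + sizeof region) return FREE_FOREIGN;
    size_t slot = (size_t)(addr - base) / SLOT_SIZE;
    if ((addr - base) % SLOT_SIZE != 0) return FREE_MISALIGNED;
    if (!(in_use & (1ULL << slot))) return FREE_DOUBLE; /* or never allocated */
    in_use &= ~(1ULL << slot);
    return FREE_OK;
}

/* Exercises the three bad-free cases; returns 1 only if all are rejected. */
int self_check(void) {
    unsigned char *a = region_alloc(), *b = region_alloc();
    int ok = a && b && a != b && region_free(a + 1) == FREE_MISALIGNED;
    ok = ok && region_free(a) == FREE_OK && region_free(a) == FREE_DOUBLE;
    ok = ok && region_free(region + sizeof region) == FREE_FOREIGN;
    return ok && region_free(b) == FREE_OK;
}
```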
There's a detailed README for hardened_malloc at github.com/GrapheneOS/har, and I suggest that people read that and also don't misrepresent it in comparisons to other allocators.
The differences with Scudo certainly don't boil down to a few minor points.