Recent informative ML thread: List of security features in musl. http://www.openwall.com/lists/musl/2016/02/11/4
@CopperheadSec I'd rather see a list of malloc security goals and see if we could meet most in the next-gen production-quality malloc.
@RichFelker Aiming for performance leads to a much different design. A hardened allocator doesn't have inline metadata. Can't do both well.
@RichFelker Relying on inline metadata ends up ruling out good security properties like a guaranteed abort for free(any_invalid_address).
@CopperheadSec How so? Check header==(footer^secret). This will, with high probability, catch invalid frees.
@RichFelker Not at all the same. Uninitialized data access and out-of-bounds reads (especially one element past the end) are very common.
@RichFelker It's not the only missing guarantee anyway. It's just one example of a nice security property gained from non-inline metadata.
@RichFelker Anyway, if you have headers and/or footers, it's not comparable to modern performance-oriented allocators without that overhead.
@CopperheadSec I'm generally of the view that "modern performance-oriented allocators" are a load of crap. :-)
@CopperheadSec Headers/footers, if validated well, also go a long way towards mitigating exploitable off-by-1 heap overflows.
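The header==(footer^secret) check that @RichFelker describes, written out as a toy allocator wrapper. This is an added example, not code from musl, OpenBSD or Copperhead: the chunk layout, the tag byte 0xA5, the `guarded_malloc`/`guarded_free` names and the fixed `chunk_secret` value are all constructed here for illustration (a real allocator would draw the secret from the OS at startup and abort() on a failed check rather than return 0). The demo functions show the two cases the thread argues about: a free of a pointer that never came from the allocator, and a one-byte overflow past the end of a chunk, both of which the footer check catches.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ALIGN 16

/* Constructed secret for reproducibility; a real allocator would use getrandom(). */
static uint64_t chunk_secret = 0x5A3C9F1ED2B47E61ULL;

/* 16-byte header keeps the user region 16-byte aligned. size holds (rounded_size << 8) | tag. */
typedef struct { uint64_t size; uint64_t pad; } chunk_hdr;

static uint64_t hdr_value(size_t rounded) { return ((uint64_t)rounded << 8) | 0xA5; }

/* Layout: [chunk_hdr][user region, rounded up to ALIGN][footer = header ^ secret] */
void *guarded_malloc(size_t n) {
    size_t rounded = (n + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    uint8_t *raw = malloc(sizeof(chunk_hdr) + rounded + sizeof(uint64_t));
    if (!raw) return NULL;
    chunk_hdr *h = (chunk_hdr *)raw;
    h->size = hdr_value(rounded);
    h->pad = 0;
    uint64_t footer = h->size ^ chunk_secret;
    memcpy(raw + sizeof(chunk_hdr) + rounded, &footer, sizeof footer);
    return raw + sizeof(chunk_hdr);
}

/* Returns 1 if the chunk validated and was released, 0 if the header/footer
   check failed. A production allocator would abort() instead of returning. */
int guarded_free(void *p) {
    if (!p) return 1;
    uint8_t *raw = (uint8_t *)p - sizeof(chunk_hdr);
    chunk_hdr *h = (chunk_hdr *)raw;
    uint64_t hv = h->size;
    if ((hv & 0xFF) != 0xA5) return 0;            /* tag byte missing: not our chunk */
    size_t rounded = (size_t)(hv >> 8);
    uint64_t footer;
    memcpy(&footer, raw + sizeof(chunk_hdr) + rounded, sizeof footer);
    if (hv != (footer ^ chunk_secret)) return 0;  /* footer clobbered or forged */
    h->size = 0;                                  /* poison so a stale header no longer validates */
    free(raw);
    return 1;
}

/* Normal allocate/use/free round trip: expected 1. */
int demo_valid_roundtrip(void) {
    char *p = guarded_malloc(40);
    if (!p) return -1;
    strcpy(p, "hello");
    return guarded_free(p);
}

/* Frees a pointer that never came from guarded_malloc: expected 0. */
int demo_foreign_pointer(void) {
    static uint8_t not_a_chunk[64];               /* constructed: zero-filled, no tag, no footer */
    return guarded_free(not_a_chunk + 32);
}

/* Writes one byte past a 16-byte allocation, landing on the footer: expected 0.
   The chunk is deliberately leaked because it no longer validates. */
int demo_off_by_one(void) {
    uint8_t *p = guarded_malloc(16);
    if (!p) return -1;
    memset(p, 'A', 17);
    return guarded_free(p);
}

int main(void) {
    printf("valid round trip: %d\n", demo_valid_roundtrip());
    printf("foreign pointer:  %d\n", demo_foreign_pointer());
    printf("off-by-one:       %d\n", demo_off_by_one());
    return 0;
}
```

The check is probabilistic, as the thread says: an attacker-controlled write that happens to produce a footer equal to header^secret passes, and the footer sits immediately after the user region, which is exactly the out-of-bounds read one element past the end that @CopperheadSec points at as the cost of inline metadata.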
New conversation
@CopperheadSec Last I checked the memory waste and performance costs of OpenBSD malloc made it completely unsuitable for production use IMO.
@RichFelker It uses a zone-based design which results in lower memory usage than dlmalloc-style allocators. It does use coarse size classes.
@RichFelker The coarse size classes aren't an inherent property of the design though. It's just the fragmentation trade-off they picked.
@RichFelker The performance for allocations smaller than the page size is fine, but it lacks thread caches to amortize the locking costs.
@CopperheadSec Awful space and time overhead is going to be around the 2-20 kB range. Syscall for each alloc/free.
@RichFelker Not sure what you mean. The zone-based design results in the overhead per allocation being measured in bits, not bytes.
@RichFelker It's essentially the same design as jemalloc but jemalloc uses 2MiB aligned regions with headers rather than pages + hash table.
@RichFelker The caching mechanism used in OpenBSD for allocations larger than the page size is very naive, sure. Small allocations work well.