@CopperheadSec I'd rather see a list of malloc security goals and see if we could meet most in the next-gen production-quality malloc.
Replying to @RichFelker
@RichFelker Aiming for performance leads to a much different design. A hardened allocator doesn't have inline metadata. Can't do both well.
Replying to @CopperheadOS
@RichFelker Relying on inline metadata ends up ruling out good security properties like a guaranteed abort for free(any_invalid_address).
Replying to @CopperheadOS
@CopperheadSec How so? Check header==(footer^secret). This will, with high probability, catch invalid frees.
Replying to @RichFelker
@RichFelker Not at all the same. Uninitialized data access and out-of-bounds reads (especially one element past the end) are very common.
Replying to @CopperheadOS
@RichFelker It's not the only missing guarantee anyway. It's just one example of a nice security property gained from non-inline metadata.
Replying to @CopperheadOS
@RichFelker Anyway, if you have headers and/or footers, it's not comparable to modern performance-oriented allocators without that overhead.
Replying to @CopperheadOS
@CopperheadSec I'm generally of the view that "modern performance-oriented allocators" are a load of crap. :-)
Replying to @RichFelker
@CopperheadSec Headers/footers, if validated well, also go a long way towards mitigating exploitable off-by-1 heap overflows.
Replying to @RichFelker
@RichFelker They are, but it can be better without the metadata there at all. Spending two extra bits per allocation isn't very significant.
@CopperheadSec I've considered size-segregated pools with atomic TAS bitmaps to solve frag, overhead, and lock contention.
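
An added illustration, not part of the thread and not code from either participant: a single size-class pool whose only metadata is an out-of-line bitmap updated with atomic test-and-set, so free can classify any address without reading bytes next to the allocation. The names `pool_alloc`, `pool_free`, the result codes and the sizes are assumptions; it returns a code where a hardened allocator would abort.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#define SLOT_SIZE 64u   /* one size class (constructed value) */
#define NSLOTS    128u  /* slots in the pool (constructed value) */
#define WORD_BITS 64u

enum free_result { FREE_OK, FREE_OUT_OF_RANGE, FREE_MISALIGNED, FREE_NOT_ALLOCATED };

/* Slot memory holds user data only; no header or footer sits beside it. */
static _Alignas(SLOT_SIZE) unsigned char pool_mem[SLOT_SIZE * NSLOTS];
/* Out-of-line metadata: one bit per slot, 1 = allocated. */
static _Atomic uint64_t pool_bitmap[NSLOTS / WORD_BITS];

void *pool_alloc(void) {
    for (size_t i = 0; i < NSLOTS; i++) {
        uint64_t mask = UINT64_C(1) << (i % WORD_BITS);
        /* Atomic test-and-set: whoever flips the bit 0 -> 1 owns the slot. */
        uint64_t old = atomic_fetch_or(&pool_bitmap[i / WORD_BITS], mask);
        if (!(old & mask))
            return pool_mem + i * SLOT_SIZE;
    }
    return NULL; /* pool exhausted */
}

/* Every decision uses the address and the bitmap, never the slot contents,
 * so a linear overflow of user data cannot change the outcome. */
enum free_result pool_free(void *p) {
    uintptr_t addr = (uintptr_t)p, base = (uintptr_t)pool_mem;
    if (addr < base || addr >= base + sizeof pool_mem)
        return FREE_OUT_OF_RANGE;          /* not from this pool */
    size_t off = (size_t)(addr - base);
    if (off % SLOT_SIZE != 0)
        return FREE_MISALIGNED;            /* interior pointer */
    size_t i = off / SLOT_SIZE;
    uint64_t mask = UINT64_C(1) << (i % WORD_BITS);
    /* Atomic test-and-clear: a bit that was already 0 means double/invalid free. */
    uint64_t old = atomic_fetch_and(&pool_bitmap[i / WORD_BITS], ~mask);
    return (old & mask) ? FREE_OK : FREE_NOT_ALLOCATED;
}
```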