|
|
lug-bg: Fwd: Port of FreeBSD heap to Linux
- Subject: lug-bg: Fwd: Port of FreeBSD heap to Linux
- From: George Danchev <danchev@xxxxxxxxx>
- Date: Fri, 30 Jan 2004 09:29:40 +0200
може да е интересно на някои sec изследователи.
---------- Forwarded Message ----------
Subject: Port of FreeBSD heap to Linux
Date: Wednesday 28 January 2004 17:07
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
To: security@xxxxxxxxxxxx
There is a port of the freebsd heap to linux at:
http://www.guninski.com/wares/free10.tar.gz
md5sum free10.tar.gz
c20d5f2d4790fdecc6d1f0005aaa9d2d free10.tar.gz
The README:
--------------
Port of FreeBSD's heap implementation to Linux.
This is a linux port of the heap implementation originally written
by phk@xxxxxxxxxxx.
Why: It is considered safer than the linux heap implementation.
double free bugs does not seem exploitable, some heap overflows also may
not be exploitable.
Of course it *does not* give 100% protection against heap mischief.
Ported to linux by Georgi Guninski guninski@xxxxxxxxxxxx
INSTALL
1. make
2. cp mallib.so /usr/local/lib
3. LD_PRELOAD=/usr/local/lib/mallib.so PROGRAM
or export LD_PRELOAD=/usr/local/lib/mallib.so
mallib.so should be readable and executable by all users.
to check if the new heap is loaded:
cat /proc/<pid>/maps
mallib.so should be in the output.
to use the new heap globally:
put in /etc/ld.so.preload
/usr/local/lib/mallib.so
To change the heap options
# cd /etc
# ln -s <options> /etc/malloc.conf
The shared library works with static binaries also.
NOTE:
if you use it globally, start a program after editing /etc/ld.so.preload to
check whether it works before booting.
If there is a problem, you may need to remove mallib.so from ld.so.preload.
DON'T OVERWRITE mallib.so if it is running globally - box may freeze!
Globally works on debian and redhat.
KNOWN BUGS:
1.memalign() is just a wrapper to malloc() which is not correct.
2.does the mutex stuff work?
3.The only bug I have encountered is a X server and KDE crash on debian.
4.What are the best options for the bsd heap - /etc/malloc.conf
TODO:
1. Make memalign work as expected.
CREDITS
gbr, peio
for testing
--
georgi
----------------------
You may visit Guninski Security Mailing List page at
http://www.guninski.com/mailinglist.html
----------------------
-------------------------------------------------------
--
pub 4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu ; pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|
|
|