Date: Wed, 18 Feb 2004 14:18:59 +1100 (EST)
From: Bruce Evans
To: current@freebsd.org
Message-ID: <20040218140756.S20006@gamplex.bde.org>
Subject: standard error handling for malloc() broken for user root and group wheel

User root and group wheel cannot get standard error handling for malloc() even if they specifically asked for it using MALLOC_OPTIONS=a or equivalent. This was broken in rev.1.73 of malloc.c.

Fix:

%%%
Index: malloc.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdlib/malloc.c,v retrieving revision 1.84 diff -u -2 -r1.84 malloc.c --- malloc.c 28 Nov 2003 18:03:22 -0000 1.84 +++ malloc.c 16 Feb 2004 18:38:36 -0000 @@ -411,5 +411,5 @@ const char *p; char b[64]; - int i, j; + int i, j, malloc_a; int save_errno = errno; @@ -420,4 +420,5 @@ #endif /* MALLOC_EXTRA_SANITY */ + malloc_a = 0; for (i = 0; i < 3; i++) { if (i == 0) {
@@ -438,6 +439,6 @@ case '>': malloc_cache <<= 1; break; case '<': malloc_cache >>= 1; break; - case 'a': malloc_abort = 0; break; - case 'A': malloc_abort = 1; break; + case 'a': malloc_abort = 0; malloc_a = 1; break; + case 'A': malloc_abort = 1; malloc_a = 0; break; #if defined(MADV_FREE) case 'h': malloc_hint = 0; break; @@ -469,9 +470,16 @@ /* - * Sensitive processes, somewhat arbitrarily defined here as setuid, - * setgid, root and wheel cannot afford to have malloc mistakes. + * Sensitive processes, somewhat arbitrarily defined here as setuid + * and setgid ones, cannot afford to have malloc mistakes. */ - if (issetugid() || getuid() == 0 || getgid() == 0) - malloc_abort = 1; + if (issetugid()) + malloc_abort = 1; + + /* + * Also, abort on malloc mistakes for root and wheel unless the user + * has explicitly asked not to. + */ + if (malloc_a == 0 && (getuid() == 0 || getgid() == 0)) + malloc_abort = 1; UTRACE(0, 0, 0);
%%%

Related unfixed bugs:
- the special handling for sensitive processes is not documented in malloc.3.
- the special handling for sensitive processes doesn't work in all cases. Processes may become sensitive after malloc() has been initialized.
- the special handling for sensitive processes is not in RELENG_4. This is only a bug if the special handling is not a bug.

Bruce
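
Review bot: In the @@ -411,5 +411,5 @@ hunk, the new local `malloc_a` in `int i, j, malloc_a;` is named like the malloc_* option flags used in the same function (`malloc_abort`, `malloc_cache`, `malloc_hint`), yet it is not an option setting; it only records that 'a' was requested explicitly. A name that says so, or a one-line comment at the declaration, would keep it from being read as another tunable.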
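
Review bot: In the @@ -438,6 +439,6 @@ hunk, the reset `malloc_a = 0` under `case 'A'` is what keeps the most recent a/A option authoritative across the passes of the `for (i = 0; i < 3; i++)` loop, but nothing in the code says so. A short comment above the two cases, stating that `malloc_a` tracks whether the last a/A option seen was an explicit 'a', would stop a later cleanup from dropping the reset as redundant.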
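
Review bot: In the @@ -469,9 +470,16 @@ hunk, the new comment says "unless the user has explicitly asked not to" without naming how, and the opt-out is security relevant: with `malloc_a == 0 &&` in the condition, an 'a' from any option source, including a MALLOC_OPTIONS=a inherited in root's environment, now leaves `malloc_abort` at 0 for uid 0 and gid 0 processes. Name the 'a' option in the comment, and document this rule together with the unconditional `issetugid()` case in malloc.3 as part of the same change, since the message itself lists the missing documentation as an open bug.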