Date: Mon, 3 Dec 2001 14:57:55 +0100 From: Oleg Cherkasov <Oleg.Cherkasov@mail.com> To: freebsd-security@freebsd.org Subject: Re: philosophical question... Message-ID: <01120314575508.10748@vesna> In-Reply-To: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 03 December 2001 13:44, Robert Watson wrote: > On Mon, 3 Dec 2001, Alfred Perlstein wrote: > > * Oleg Cherkasov <Oleg.Cherkasov@mail.com> [011203 03:16] wrote: > > > Think a new key 'malloc.random' for sysctl could be more useful, > > > protected with 'kern.securelevel' > 1. > > > > However, malloc(3) has nothing to do with the kernel. > > Yeah, I'm not sure why it would be keyed off of 'securelevel'. Seems to > me that we should avoid any more userland cruft being associated > unnecessarily with securelevels, actually :-). > > And if we do stuff this in a securelevel, it sounds like we need a > userland.<applicationname> sysctl namespace. More likely, we just need > this to be a flag on /etc/malloc.conf. Yes, you are right, it is better to keep it out of the kernel. But except having /etc/malloc.conf, is it better to have a shell variable MEMORY_RANDOM or MALLOC_CONF? In this case just 'weak' services can be run with that option on. We still do not know how will it affect performance ... because it will be additional cycles during memory allocation for every single *alloc() call. Some software could be very aggressive using malloc(), who knows. Oleg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01120314575508.10748>