Ignore MALLOC_CONF in set{uid,gid,cap} binaries.

This prevents an attacker from using the MALLOC_CONF tunables to influence allocator behavior in a privileged process.

Closes #173
Daniel Micay 2014-12-09 17:41:34 -05:00 committed by Jason Evans
parent e12eaf93dc
commit b74041fb6e
3 changed files with 50 additions and 1 deletions


@ -1108,6 +1108,24 @@ fi
CPPFLAGS="$CPPFLAGS -D_REENTRANT" CPPFLAGS="$CPPFLAGS -D_REENTRANT"
dnl Check if the GNU-specific secure_getenv function exists.
AC_CHECK_FUNC([secure_getenv],
[have_secure_getenv="1"],
[have_secure_getenv="0"]
)
if test "x$have_secure_getenv" = "x1" ; then
AC_DEFINE([JEMALLOC_HAVE_SECURE_GETENV], [ ])
fi
dnl Check if the Solaris/BSD issetugid function exists.
AC_CHECK_FUNC([issetugid],
[have_issetugid="1"],
[have_issetugid="0"]
)
if test "x$have_issetugid" = "x1" ; then
AC_DEFINE([JEMALLOC_HAVE_ISSETUGID], [ ])
fi
dnl Check whether the BSD-specific _malloc_thread_cleanup() exists. If so, use dnl Check whether the BSD-specific _malloc_thread_cleanup() exists. If so, use
dnl it rather than pthreads TSD cleanup functions to support cleanup during dnl it rather than pthreads TSD cleanup functions to support cleanup during
dnl thread exit, in order to avoid pthreads library recursion during dnl thread exit, in order to avoid pthreads library recursion during
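Review bot: AC_CHECK_FUNC([secure_getenv]) at the top of the added block only proves the symbol links; glibc declares secure_getenv(3) in <stdlib.h> only under _GNU_SOURCE, so if -D_GNU_SOURCE is not already in CPPFLAGS for the configuration being built (not visible in this hunk), the call site in jemalloc.c compiles as an implicit declaration returning int and the returned pointer is truncated on LP64 targets. A declaration check such as `AC_CHECK_DECLS([secure_getenv], [], [], [[#include <stdlib.h>]])` would make the define track what the compiler actually sees. It would also be worth an `AC_MSG_WARN([MALLOC_CONF will be honored in set{uid,gid} processes])` when neither secure_getenv nor issetugid is found, since the source-side fallback silently drops the protection in that case.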


@ -66,6 +66,16 @@
*/ */
#undef JEMALLOC_OSSPIN #undef JEMALLOC_OSSPIN
/*
* Defined if secure_getenv(3) is available.
*/
#undef JEMALLOC_HAVE_SECURE_GETENV
/*
* Defined if issetugid(2) is available.
*/
#undef JEMALLOC_HAVE_ISSETUGID
/* /*
* Defined if _malloc_thread_cleanup() exists. At least in the case of * Defined if _malloc_thread_cleanup() exists. At least in the case of
* FreeBSD, pthread_key_create() allocates, which if used during malloc * FreeBSD, pthread_key_create() allocates, which if used during malloc


@ -648,6 +648,27 @@ stats_print_atexit(void)
* Begin initialization functions. * Begin initialization functions.
*/ */
#ifndef JEMALLOC_HAVE_SECURE_GETENV
# ifdef JEMALLOC_HAVE_ISSETUGID
static char *
secure_getenv(const char *name)
{
if (issetugid() == 0)
return (getenv(name));
else
return (NULL);
}
# else
static char *
secure_getenv(const char *name)
{
return (getenv(name));
}
# endif
#endif
static unsigned static unsigned
malloc_ncpus(void) malloc_ncpus(void)
{ {
@ -824,7 +845,7 @@ malloc_conf_init(void)
#endif #endif
; ;
if ((opts = getenv(envname)) != NULL) { if ((opts = secure_getenv(envname)) != NULL) {
/* /*
* Do nothing; opts is already initialized to * Do nothing; opts is already initialized to
* the value of the MALLOC_CONF environment * the value of the MALLOC_CONF environment
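Review bot: The `# else` branch of the new secure_getenv() shim (the second static definition in the first hunk) falls back to plain getenv(), so on a platform that provides neither secure_getenv(3) nor issetugid(2) MALLOC_CONF is still honored in privileged processes and the commit message's claim does not hold there; at minimum that branch needs a comment saying so, e.g. `/* No secure_getenv(3)/issetugid(2): MALLOC_CONF is NOT ignored in privileged processes. */`. Where the POSIX id calls are available, comparing real and effective ids is a cheaper-to-audit partial fallback, though it misses capability/AT_SECURE cases and must be excluded from Windows builds, whose conditionals live outside this hunk. Both shim definitions are complete within the hunk; malloc_conf_init() in the second hunk starts and ends outside it.
```c
# else
/*
 * Neither secure_getenv(3) nor issetugid(2): approximate with a real/effective
 * id comparison. This misses capability- and AT_SECURE-based privilege, so it
 * is only a partial mitigation.
 */
static char *
secure_getenv(const char *name)
{
	if (getuid() != geteuid() || getgid() != getegid())
		return (NULL);
	return (getenv(name));
}
# endif
```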