Ignore MALLOC_CONF in set{uid,gid,cap} binaries.

This eliminates the malloc tunables as tools for an attacker.

Closes #173
Daniel Micay 2014-12-09 17:41:34 -05:00 committed by Jason Evans
parent e12eaf93dc
commit b74041fb6e
3 changed files with 50 additions and 1 deletions


@ -1108,6 +1108,24 @@ fi
CPPFLAGS="$CPPFLAGS -D_REENTRANT"
dnl Check if the GNU-specific secure_getenv function exists.
AC_CHECK_FUNC([secure_getenv],
[have_secure_getenv="1"],
[have_secure_getenv="0"]
)
if test "x$have_secure_getenv" = "x1" ; then
AC_DEFINE([JEMALLOC_HAVE_SECURE_GETENV], [ ])
fi
dnl Check if the Solaris/BSD issetugid function exists.
AC_CHECK_FUNC([issetugid],
[have_issetugid="1"],
[have_issetugid="0"]
)
if test "x$have_issetugid" = "x1" ; then
AC_DEFINE([JEMALLOC_HAVE_ISSETUGID], [ ])
fi
dnl Check whether the BSD-specific _malloc_thread_cleanup() exists. If so, use
dnl it rather than pthreads TSD cleanup functions to support cleanup during
dnl thread exit, in order to avoid pthreads library recursion during
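Review bot: The `AC_CHECK_FUNC([secure_getenv], ...)` probe only proves that the symbol links; it does not show that a prototype is visible where the C code calls it. glibc declares `secure_getenv` in `<stdlib.h>` only when `_GNU_SOURCE` is defined, and this hunk does not show whether CPPFLAGS carries that define on the affected targets. Without a prototype the call would be implicitly declared as returning `int`, and the returned pointer could be truncated on 64-bit targets. If this is not already guaranteed elsewhere in the file, add a declaration check such as `AC_CHECK_DECLS([secure_getenv], [], [], [[#include <stdlib.h>]])` and define `JEMALLOC_HAVE_SECURE_GETENV` only when both checks succeed.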


@ -66,6 +66,16 @@
*/
#undef JEMALLOC_OSSPIN
/*
* Defined if secure_getenv(3) is available.
*/
#undef JEMALLOC_HAVE_SECURE_GETENV
/*
* Defined if issetugid(2) is available.
*/
#undef JEMALLOC_HAVE_ISSETUGID
/*
* Defined if _malloc_thread_cleanup() exists. At least in the case of
* FreeBSD, pthread_key_create() allocates, which if used during malloc


@ -648,6 +648,27 @@ stats_print_atexit(void)
* Begin initialization functions.
*/
#ifndef JEMALLOC_HAVE_SECURE_GETENV
# ifdef JEMALLOC_HAVE_ISSETUGID
static char *
secure_getenv(const char *name)
{
if (issetugid() == 0)
return (getenv(name));
else
return (NULL);
}
# else
static char *
secure_getenv(const char *name)
{
return (getenv(name));
}
# endif
#endif
static unsigned
malloc_ncpus(void)
{
@ -824,7 +845,7 @@ malloc_conf_init(void)
#endif
;
if ((opts = getenv(envname)) != NULL) {
if ((opts = secure_getenv(envname)) != NULL) {
/*
* Do nothing; opts is already initialized to
* the value of the MALLOC_CONF environment
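Review bot: The final `secure_getenv` fallback (the `# else` branch, built when neither `JEMALLOC_HAVE_SECURE_GETENV` nor `JEMALLOC_HAVE_ISSETUGID` is defined) returns plain `getenv(name)`. On such a platform MALLOC_CONF is therefore still honoured in set{uid,gid,cap} binaries, and nothing in the code or the build output says so. At minimum, document the gap above that definition, for example `/* No secure_getenv() or issetugid(): privileged execution cannot be detected here, so MALLOC_CONF is NOT ignored. */`. The `issetugid()` branch also deserves a short comment stating that it covers set-id execution and that capability-raised binaries depend on what the platform's `issetugid` reports, since the commit title promises the cap case as well. `malloc_conf_init` continues outside the last hunk, so other environment reads in it are not visible here.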