RE: vulndev-1 and a suggestion about the ensuing discussion

From: Michael Wojcik (Michael.Wojcik_at_microfocus.com)
Date: 05/16/03

  • Next message: Thijs Dalhuijsen: "possible format string in ultra edit 8.00"
    To: vuln-dev@securityfocus.com
    Date: Thu, 15 May 2003 15:48:54 -0700
    
    

    > From: xenophi1e [mailto:oliver.lavery@sympatico.ca]
    > Sent: Thursday, May 15, 2003 12:47 PM

    > 3) How could the layout of malloc()s bookeeping info be smarter? Are
    > there any platforms that have allocators that are more robust against
    > overruns?

    To answer the second question first: there are platforms like C/400 on the
    AS/400, where C programs in essence run under a virtual machine, and most
    out-of-bounds accesses will immediately trap.

    To answer the first: malloc could certainly keep its information somewhere
    other than adjacent to user buffers. For example, it might instead use a
    list of separately-allocated records (or better a list of blocks of records,
    where each block was a data structure suitable for relatively fast access,
    probably a hashtable keyed on a hash of the address returned by malloc).
    With help from mprotect or equivalent these areas could further be protected
    with guard pages. There'd be a performance penalty for such a scheme
    (versus having each malloc'd area carry its own information, as is typical),
    but besides making the heap harder to corrupt, it'd let the implementation
    catch invalid and duplicate free's.

    -- 
    Michael Wojcik
    Principal Software Systems Developer, Micro Focus
    

  • Next message: Thijs Dalhuijsen: "possible format string in ultra edit 8.00"