Alt-Linux's openbsd-malloc-0-alt0.M30.1.src.rpm adds issetugid(3):
+extern int __libc_enable_secure;
+
+static int issetugid(void)
+{
+ if (__libc_enable_secure) return 1;
+ if (getuid() != geteuid()) return 1;
+ if (getgid() != getegid()) return 1;
+ return 0;
+}

It's not quite the same as an issetugid(2) syscall, but without patching the kernel it's as close as it gets. This will allow issetugid=yes from various ./configure scripts. Ncurses, Trac, Xorg, Slang, Dante, KDE, Apache, Ruby, Libedit, to name a few, will use this function if it's found... most packages do not check for __libc_enable_secure. issetugid should get a prototype in unistd.h too. This is dead easy to add to Glibc.

Alt-Linux is experimenting with this malloc.c because it doesn't use the brk syscall, and is less prone to heap fragmentation. Their .spec file says it's working with Firefox, but not Emacs... so it looks like there are kinks to work out. I'm not sure if it depends on kernel support, but according to: http://en.wikipedia.org/wiki/OpenBSD_security_features this malloc "was modified so that it returns random memory addresses and ensures that different areas are not mapped next to each other. In addition, allocation of small blocks in shared areas are now randomized and the free function was changed to return memory to the kernel immediately rather than leaving it mapped into the process".

This depends on arc4random(3), which was replaced by rand(3) in the Alt-Linux version, but either will work. arc4random.c was recently modified to stop using getpid(2) and gettimeofday(2), and depends solely on sysctl so that malloc will not cause a getpid syscall when using arc4random(3). Using arc4random in malloc would make using sysctl more important, so it works in an empty chroot.

So anyway, it looks like a good idea to add issetugid as an alias/wrapper to __libc_enable_secure in libc because it should be perfectly stable and saves us the trouble of patching countless packages to use __libc_enable_secure. Packages like OpenSSL, which do not use autoconf, will still need to be patched. The malloc replacement is nice, but unstable. I'm going to try using it to completely replace Glibc's malloc.c to see if the base system will build with it.

robert
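Review bot: issetugid() in the quoted hunk carries no comment saying how it differs from the BSD call, and the two fallback comparisons, getuid() != geteuid() and getgid() != getegid(), only see the current real and effective ids. A process that changed both ids to the same new value after exec, or that still holds a different saved id, passes both comparisons and is reported clean unless __libc_enable_secure is set. A short comment stating that the id comparisons are best effort and that __libc_enable_secure is the authoritative check would stop callers from assuming full issetugid(2) semantics.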
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
