[uClibc] malloc in uclibc

Peter S. Mazinger ps.m at gmx.net
Tue Mar 9 00:18:32 UTC 2004


Hello!

The PaX project (pax.grsecurity.net) provides heap randomization, but the 
malloc implementation of uClibc does not work with it (tested w/ 
malloc-standard). I copied 2 messages from the pax developer:

1.
ok, after some debugging i think this is caused by uclibc and its
malloc implementation, i haven't checked that code but it seems
it doesn't use brk(0) to learn the beginning of the brk() region
but something else, my bet is that it simply takes the _end symbol
and rounds it up to be 16 byte aligned. it's probably a feature
but unfortunately it makes brk() randomization pointless as well
under uclibc - you may want to bring this to the developers'
attention.

2.
i've quickly grepped through this code and i can't really tell from
that which malloc() implementation is the best (for randomization),
in fact, i had the impression that none of them is as they
don't seem to be doing a sbrk(0) at all on startup (which is how glibc
learns the beginning of the randomized heap). you could verify this
by simply compiling your uclibc with all 3 versions and run paxtest
on them, i think none of them will show heap randomization. in that
case you should probably talk to the uclibc developers to consider
using sbrk(0) instead of _end to derive the beginning of the heap.
note that this however breaks some unix tradition (at least that's
what i read on a fedora list last november) and some apps may not
work properly, like some lisp stuff which apparently assumed that
_end == sbrk(0) on startup.

Peter

-- 
Peter S. Mazinger <ps dot m at gmx dot net>           ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08  BB6E C389 975E A5F0 59F2
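
The two ways of locating the heap start that the quoted messages contrast, as an added example (not code from uClibc, PaX or the original post). The function names are hypothetical, and the 16-byte rounding of `_end` follows the guess made in the first quoted message.

```c
#define _DEFAULT_SOURCE          /* expose sbrk() under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

extern char _end;                /* linker-defined: first address past .bss */

/* Round addr up to the next multiple of align (a power of two). */
static uintptr_t align_up(uintptr_t addr, uintptr_t align)
{
    return (addr + align - 1) & ~(align - 1);
}

/* Heap start derived from the image layout: _end rounded up to 16 bytes.
 * This value is fixed relative to the program image, so it does not
 * reflect any random offset the kernel applied to the brk() region. */
static uintptr_t heap_start_from_end(void)
{
    return align_up((uintptr_t)&_end, 16);
}

/* Heap start as the kernel reports it: the current program break.
 * Call this before anything has extended the break. */
static uintptr_t heap_start_from_brk(void)
{
    return (uintptr_t)sbrk(0);
}

/* Distance in bytes from the _end-derived start to the kernel's break. */
static uintptr_t brk_gap(void)
{
    uintptr_t from_end = heap_start_from_end();
    uintptr_t from_brk = heap_start_from_brk();
    return from_brk > from_end ? from_brk - from_end : 0;
}

int main(void)
{
    /* Sample both values first: printf() may itself allocate. */
    uintptr_t from_end = heap_start_from_end();
    uintptr_t from_brk = heap_start_from_brk();
    uintptr_t gap = brk_gap();

    printf("_end rounded up to 16: %#lx\n", (unsigned long)from_end);
    printf("sbrk(0):               %#lx\n", (unsigned long)from_brk);
    printf("gap:                   %#lx bytes\n", (unsigned long)gap);
    return 0;
}
```

Run it several times on the target: a gap that changes between runs means the kernel is randomizing the brk() region, and an allocator that starts from `_end` instead of `sbrk(0)` will not see that offset.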

