This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

malloc: Security implications of tcache

From: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
To: libc-alpha at sourceware dot org
Date: Thu, 8 Feb 2018 13:31:45 -0800
Subject: malloc: Security implications of tcache
Authentication-results: sourceware.org; auth=none

Hey,

I was wondering if people are aware of the security implications of thetcache structure?

Itis operating in similar fashion to the fastbin free-list, but withoutany security checks at all to detect memory corruptions.This leads back to unconstrained writes and unconstrained arbitraryallocations, similar to the times of dlmalloc.Eventually, this makes all the security checks introduced before ratherpointless, as they are bypassed completely by design.

There is no real fix to this problem, apart from disabling the tcache ofcourse, so I was wondering what lead to the decision to remove securitychecks in this context?


Thank you,
Moritz

Follow-Ups:
- Re: malloc: Security implications of tcache
  - From: Ondřej Bílka
- Re: malloc: Security implications of tcache
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]