This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
malloc: Security implications of tcache
- From: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- To: libc-alpha at sourceware dot org
- Date: Thu, 8 Feb 2018 13:31:45 -0800
- Subject: malloc: Security implications of tcache
- Authentication-results: sourceware.org; auth=none
Hey,
I was wondering if people are aware of the security implications of the
tcache structure?
It is operating in similar fashion to the fastbin free-list, but without
any security checks at all to detect memory corruptions.
This leads back to unconstrained writes and unconstrained arbitrary
allocations, similar to the times of dlmalloc.
Eventually, this makes all the security checks introduced before rather
pointless, as they are bypassed completely by design.
There is no real fix to this problem, apart from disabling the tcache of
course, so I was wondering what led to the decision to remove security
checks in this context?
Thank you,
Moritz
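
A toy model of the contrast raised in the message above, added here as an illustration; it is not part of the original post and not glibc code. The `chunk` struct, `BIN_SIZE`, and all function names are hypothetical, and the size comparison is a simplified stand-in for the kind of integrity check the fastbin path performs when handing out a chunk.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy chunk header; a model, not glibc's malloc_chunk. */
struct chunk { size_t size; struct chunk *next; };

#define BIN_SIZE 32  /* the single size class this toy bin serves */

/* tcache-style pop: trust the head pointer and hand it out. */
static struct chunk *pop_unchecked(struct chunk **bin) {
    struct chunk *c = *bin;
    if (c) *bin = c->next;
    return c;
}

/* fastbin-style pop: refuse a chunk whose size field does not belong
   to this bin. A real allocator would abort; the toy returns NULL. */
static struct chunk *pop_checked(struct chunk **bin, int *corrupt) {
    struct chunk *c = *bin;
    if (!c) return NULL;
    if (c->size != BIN_SIZE) { *corrupt = 1; *bin = NULL; return NULL; }
    *bin = c->next;
    return c;
}

static void push(struct chunk **bin, struct chunk *c) { c->next = *bin; *bin = c; }

/* Free one chunk, simulate a stray write over its link field, then
   allocate twice. Returns 1 if memory outside the bin was handed out. */
static int foreign_memory_returned(int use_check) {
    struct chunk freed = { BIN_SIZE, NULL };
    struct chunk foreign = { 0, NULL };   /* never belonged to the bin */
    struct chunk *bin = NULL;
    int corrupt = 0;
    push(&bin, &freed);
    freed.next = &foreign;                /* constructed corruption */
    struct chunk *first = use_check ? pop_checked(&bin, &corrupt) : pop_unchecked(&bin);
    struct chunk *second = use_check ? pop_checked(&bin, &corrupt) : pop_unchecked(&bin);
    (void)first;
    return second == &foreign;
}

int main(void) {
    printf("unchecked: foreign returned = %d\n", foreign_memory_returned(0));
    printf("checked:   foreign returned = %d\n", foreign_memory_returned(1));
    return 0;
}
```

The checked pop only constrains what a corrupted link can point at (memory that happens to carry a matching size field would still pass), which is why it is a detection measure rather than a guarantee.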