[PATCH] D20084: [sanitizer] Initial implementation of a Hardened Allocator
Alexander Potapenko via llvm-commits
llvm-commits at lists.llvm.org
Thu May 12 10:12:00 PDT 2016
glider added a comment.
BTW we've been discussing the issue with the random seed (and the header cookies) being reused upon fork() today.
If you've a service that forks in response to every client request, it can be exploited by brute-forcing the CRC of a single object (which remains the same upon fork()).
Thus two questions arise:
- shouldn't we increase the size of the header's crc32 to, um, 32 bits?
- is it possible to re-initialize the seed and the cookie upon fork() (a dummy solution is to iterate over the heap and fix all headers, but maybe there's something more elegant?)
http://reviews.llvm.org/D20084
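The "dummy solution" from the comment above (iterate over the heap and fix all headers in the child), as an added example that is not part of the original message or of the allocator under review. A toy chunk registry, a bitwise CRC-32 and a 16-bit truncated header checksum stand in for the real allocator, and every name and layout here is an assumption. The child handler verifies each header under the inherited cookie before re-signing it, so existing corruption is not carried over under the new key.

```c
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>
struct header { uintptr_t addr; uint32_t size; uint16_t sum; };  /* assumed toy layout */
static struct header live[4]; static int nlive;   /* toy registry of live chunks */
static uint64_t cookie, parent_cookie;            /* secret; its value is copied by fork() */
static uint32_t crc32_update(uint32_t crc, const void *p, size_t n) {
    const uint8_t *b = p;
    for (crc = ~crc; n--; b++) {
        crc ^= *b;
        for (int k = 0; k < 8; k++) crc = (crc >> 1) ^ (0xEDB88320u & -(crc & 1));
    }
    return ~crc;
}
static uint16_t header_sum(const struct header *h) {  /* keyed CRC, truncated to 16 bits */
    uint32_t c = crc32_update((uint32_t)(cookie ^ (cookie >> 32)), &h->addr, sizeof h->addr);
    return (uint16_t)crc32_update(c, &h->size, sizeof h->size);
}
static uint64_t fresh_cookie(void) {                  /* open/read are async-signal-safe */
    uint64_t c;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || read(fd, &c, sizeof c) != (ssize_t)sizeof c) _exit(1);
    close(fd);
    return c;
}
static int headers_ok(void) {                         /* all live headers match this cookie? */
    for (int i = 0; i < nlive; i++)
        if (live[i].sum != header_sum(&live[i])) return 0;
    return 1;
}
static void rekey_child(void) {                       /* pthread_atfork() child handler */
    if (!headers_ok()) _exit(2);                      /* never re-sign a corrupted header */
    parent_cookie = cookie;
    cookie = fresh_cookie();
    for (int i = 0; i < nlive; i++) live[i].sum = header_sum(&live[i]);
}
int fork_rekeys_child(void) {  /* 1: child got a new cookie and all its headers verify */
    static int ready, buf[2];
    if (!ready) { cookie = fresh_cookie(); pthread_atfork(NULL, NULL, rekey_child); ready = 1; }
    for (nlive = 0; nlive < 2; nlive++)
        live[nlive] = (struct header){ (uintptr_t)&buf[nlive], 16u << nlive, 0 };
    for (int i = 0; i < nlive; i++) live[i].sum = header_sum(&live[i]);
    int st = 0;
    pid_t pid = fork();
    if (pid == 0) _exit(headers_ok() && cookie != parent_cookie ? 0 : 3);
    if (pid < 0 || waitpid(pid, &st, 0) != pid) return -1;
    return WIFEXITED(st) && WEXITSTATUS(st) == 0;
}
int main(void) { return fork_rekeys_child() == 1 ? 0 : 1; }
```

The cost is a full walk of live headers in every child, which is the inelegance the comment points at.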