Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / jemalloc / b74041fb6e279bd8bbc133250241249f90cd619f^! / .
commitb74041fb6e279bd8bbc133250241249f90cd619f[log] [tgz]
authorDaniel Micay <danielmicay@gmail.com>Tue Dec 09 17:41:34 2014 -0500
committerJason Evans <jasone@canonware.com>Sun Dec 14 15:36:15 2014 -0800
treeb4049a1616c72e65cf5e7cec7504109791df436c
parente12eaf93dca308a426c182956197b0eeb5f2cff3 [diff]
Ignore MALLOC_CONF in set{uid,gid,cap} binaries.

This eliminates the malloc tunables as tools for an attacker.

Closes #173

diff --git a/configure.ac b/configure.ac
index 8b1e55e..82bdefd 100644
--- a/configure.ac
+++ b/configure.ac

@@ -1108,6 +1108,24 @@
 
 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
 
+dnl Check if the GNU-specific secure_getenv function exists.
+AC_CHECK_FUNC([secure_getenv],
+              [have_secure_getenv="1"],
+              [have_secure_getenv="0"]
+             )
+if test "x$have_secure_getenv" = "x1" ; then
+  AC_DEFINE([JEMALLOC_HAVE_SECURE_GETENV], [ ])
+fi
+
+dnl Check if the Solaris/BSD issetugid function exists.
+AC_CHECK_FUNC([issetugid],
+              [have_issetugid="1"],
+              [have_issetugid="0"]
+             )
+if test "x$have_issetugid" = "x1" ; then
+  AC_DEFINE([JEMALLOC_HAVE_ISSETUGID], [ ])
+fi
+
 dnl Check whether the BSD-specific _malloc_thread_cleanup() exists.  If so, use
 dnl it rather than pthreads TSD cleanup functions to support cleanup during
 dnl thread exit, in order to avoid pthreads library recursion during

diff --git a/include/jemalloc/internal/jemalloc_internal_defs.h.in b/include/jemalloc/internal/jemalloc_internal_defs.h.in
index e172c66..c8d7daf 100644
--- a/include/jemalloc/internal/jemalloc_internal_defs.h.in
+++ b/include/jemalloc/internal/jemalloc_internal_defs.h.in

@@ -67,6 +67,16 @@
 #undef JEMALLOC_OSSPIN
 
 /*
+ * Defined if secure_getenv(3) is available.
+ */
+#undef JEMALLOC_HAVE_SECURE_GETENV
+
+/*
+ * Defined if issetugid(2) is available.
+ */
+#undef JEMALLOC_HAVE_ISSETUGID
+
+/*
  * Defined if _malloc_thread_cleanup() exists.  At least in the case of
  * FreeBSD, pthread_key_create() allocates, which if used during malloc
  * bootstrapping will cause recursion into the pthreads library.  Therefore, if

diff --git a/src/jemalloc.c b/src/jemalloc.c
index f7cc457..48de0da 100644
--- a/src/jemalloc.c
+++ b/src/jemalloc.c

@@ -648,6 +648,27 @@
  * Begin initialization functions.
  */
 
+#ifndef JEMALLOC_HAVE_SECURE_GETENV
+#  ifdef JEMALLOC_HAVE_ISSETUGID
+static char *
+secure_getenv(const char *name)
+{
+
+	if (issetugid() == 0)
+		return (getenv(name));
+	else
+		return (NULL);
+}
+#  else
+static char *
+secure_getenv(const char *name)
+{
+
+	return (getenv(name));
+}
+#  endif
+#endif
+
 static unsigned
 malloc_ncpus(void)
 {
@@ -824,7 +845,7 @@
 #endif
 			    ;
 
-			if ((opts = getenv(envname)) != NULL) {
+			if ((opts = secure_getenv(envname)) != NULL) {
 				/*
 				 * Do nothing; opts is already initialized to
 				 * the value of the MALLOC_CONF environment