Ignore MALLOC_CONF in set{uid,gid,cap} binaries. This eliminates the malloc tunables as tools for an attacker. Closes #173

commit: b74041fb6e279bd8bbc133250241249f90cd619f [log] [tgz]
author: Daniel Micay <danielmicay@gmail.com> Tue Dec 09 17:41:34 2014 -0500
committer: Jason Evans <jasone@canonware.com> Sun Dec 14 15:36:15 2014 -0800
tree: b4049a1616c72e65cf5e7cec7504109791df436c
parent: e12eaf93dca308a426c182956197b0eeb5f2cff3 [diff] [blame]
diff --git a/configure.ac b/configure.ac
index 8b1e55e..82bdefd 100644
--- a/configure.ac
+++ b/configure.ac

@@ -1108,6 +1108,24 @@
 
 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
 
+dnl Check if the GNU-specific secure_getenv function exists.
+AC_CHECK_FUNC([secure_getenv],
+              [have_secure_getenv="1"],
+              [have_secure_getenv="0"]
+             )
+if test "x$have_secure_getenv" = "x1" ; then
+  AC_DEFINE([JEMALLOC_HAVE_SECURE_GETENV], [ ])
+fi
+
+dnl Check if the Solaris/BSD issetugid function exists.
+AC_CHECK_FUNC([issetugid],
+              [have_issetugid="1"],
+              [have_issetugid="0"]
+             )
+if test "x$have_issetugid" = "x1" ; then
+  AC_DEFINE([JEMALLOC_HAVE_ISSETUGID], [ ])
+fi
+
 dnl Check whether the BSD-specific _malloc_thread_cleanup() exists.  If so, use
 dnl it rather than pthreads TSD cleanup functions to support cleanup during
 dnl thread exit, in order to avoid pthreads library recursion during
commit	b74041fb6e279bd8bbc133250241249f90cd619f	[log] [tgz]
author	Daniel Micay <danielmicay@gmail.com>	Tue Dec 09 17:41:34 2014 -0500
committer	Jason Evans <jasone@canonware.com>	Sun Dec 14 15:36:15 2014 -0800
tree	b4049a1616c72e65cf5e7cec7504109791df436c
parent	e12eaf93dca308a426c182956197b0eeb5f2cff3 [diff] [blame]