Message-ID: <20110811145458.GE132@brightrain.aerifal.cx>
Date: Thu, 11 Aug 2011 10:54:58 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: malloc and linux memory layout

On Thu, Aug 11, 2011 at 11:43:05AM +0400, Vasiliy Kulikov wrote:
> > The mmap zone (where mmaps are put by
> > default) starts just below the stack limit and continues downward as
> > more mappings are made.
> 
> Not only this zone.  mmap() can return address before main program text if
> there is enough space there.

Interesting.

> Other minor (Linux-specific) things:
> 
> Low unmappable pages region might be absent if the task has CAP_SYS_RAWIO
> capability.  But pages before mmap_min_addr will be mmap'ed only by
> explicit mmap(addr, ..., MAP_FIXED, ...), no libs will be there.

This is mostly irrelevant since it requires root or equivalent.
(CAP_SYS_RAWIO might as well be root since it lets you exploit
kernelspace null pointer dereference bugs to get root).

> "Reserved for kernelspace use" region might be absent too for 32-bit
> tasks running on x86-64 system.

Nice.

Rich
