On 16/01/2020 10:30, Evgeniy Berdnikov via Exim-users wrote:
> However, the assumption that malloc() and its derivative functions use
> only sbrk(2) is too optimistic. :-) And it is definitely wrong for
> glibc-based implementations, including Linux, where "man malloc" says:
>
> Normally, malloc() allocates memory from the heap, and adjusts the size
> of the heap as required, using sbrk(2). When allocating blocks of memory
> larger than MMAP_THRESHOLD bytes, the glibc malloc() implementation
> allocates the memory as a private anonymous mapping using mmap(2).
Thanks for the reference.
> Maybe some variation of this approach has chances to survive, say,
> special pools with "untainted" strings and special functions to put
> a string into such a pool after all checks (other strings should be
> considered as "tainted").
Oddly enough, that is exactly what is implemented for the "slow"
version of taint-tracking.
--
Cheers,
Jeremy
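A sketch of the pool-based scheme discussed above, added here as an illustration and not Exim's own code: taint is a property of the pool a pointer lives in, so no assumption about sbrk(2) versus mmap(2) is needed. All names (`store_tainted`, `untaint_after_check`, `is_safe_localpart`, the pool sizes) are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical two-pool allocator: strings are untainted only if they were
 * copied into the untainted pool after a check; everything else is tainted. */
#define POOL_SIZE 4096
typedef struct { unsigned char buf[POOL_SIZE]; size_t used; } pool_t;
static pool_t tainted_pool, untainted_pool;

static char *pool_strdup(pool_t *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > POOL_SIZE) return NULL;   /* pool exhausted */
    char *dst = (char *)p->buf + p->used;
    memcpy(dst, s, n);
    p->used += n;
    return dst;
}

/* Membership test by address range of this pool only (uintptr_t compare). */
static bool in_pool(const pool_t *p, const char *s) {
    uintptr_t q = (uintptr_t)s, lo = (uintptr_t)p->buf;
    return q >= lo && q < lo + p->used;
}

/* Tainted unless it provably lives in the untainted pool (literals, stack
 * buffers and heap strings from elsewhere all count as tainted). */
bool is_tainted(const char *s) { return !in_pool(&untainted_pool, s); }

/* Data arriving from outside (e.g. an SMTP envelope) goes to the tainted pool. */
char *store_tainted(const char *s) { return pool_strdup(&tainted_pool, s); }

/* Only a passed check may move a string into the untainted pool. */
char *untaint_after_check(const char *s, bool (*check)(const char *)) {
    return check(s) ? pool_strdup(&untainted_pool, s) : NULL;
}

/* Example check: a conservative character set for a local part. */
bool is_safe_localpart(const char *s) {
    if (*s == '\0') return false;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '.' || c == '-' || c == '_')) return false;
    }
    return true;
}

int main(void) {
    char *in = store_tainted("alice.smith");            /* constructed input */
    char *ok = untaint_after_check(in, is_safe_localpart);
    printf("input tainted: %d, checked copy tainted: %d\n",
           is_tainted(in), ok ? is_tainted(ok) : -1);
    return 0;
}
```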