Re: [exim] Tainting & rewrite rules

Página Inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] Tainting & rewrite rules
On 16/01/2020 10:30, Evgeniy Berdnikov via Exim-users wrote:
> However, the assumption that malloc() and its derivative functions use
> only sbrk(2) is too optimistic. :-) And it is definitely wrong for
> glibc-based implementations, including Linux, where "man malloc" says:
>
>    Normally, malloc() allocates memory from the heap, and adjusts the size
>    of the heap as required, using sbrk(2).  When allocating blocks of mem-
>    ory larger than MMAP_THRESHOLD bytes, the glibc malloc() implementation
>    allocates  the  memory  as  a  private anonymous mapping using mmap(2).


Thanks for the reference.

> Maybe some variation of this approach have chances to survive, say,
> special pools with "untainted" strings and special functions to put
> a string to such pool after all checks (other strings should be
> considered as "tainted").


Oddly enough, that is exactly what is implemented for the "slow"
version of taint-tracking.
--
Cheers,
Jeremy