OpenBSD Journal

Better use-after-free bug detection in -current

Contributed by ray on from the zombie-cow-protection dept.

Hot on the heels of Otto's malloc changes, Theo de Raadt (deraadt@) just committed another bug-detecting measure into OpenBSD:
CVSROOT:        /cvs
Module name:    src
Changes by:     deraadt@ 2008/11/22 10:31:53

Modified files:
       sys/kern       : subr_pool.c

Log message:
Do deadbeef-style protection in pools too, by default, even though it
is a lot slower.  Before release this should be backed out, but for now
we need everyone to run with this and start finding the use-after-free
style bugs this exposes. original version from tedu
ok everyone in the room
As with Otto's malloc changes, please report any suddenly misbehaving programs!
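How deadbeef-style pool protection exposes these bugs, as an added illustration that is not OpenBSD's subr_pool.c: a toy pool (the names pool_get, pool_put and demo_use_after_free are assumed, only loosely modelled on the kernel's pool API) fills freed items with 0xdeadbeef and verifies the pattern when an item is handed out again, so a stale read returns the poison and a stale write is caught on reuse.

```c
#include <stdint.h>
#include <stdio.h>

#define POISON     0xdeadbeefU
#define ITEM_WORDS 4                 /* toy pool items are 16 bytes */
#define POOL_ITEMS 8
struct item { uint32_t w[ITEM_WORDS]; };
static struct item  pool_store[POOL_ITEMS];
static struct item *pool_free[POOL_ITEMS];   /* stack of free items */
static int pool_nfree, pool_corrupt;         /* poisoned words found modified */

/* Free items are filled with POISON: a stale read then returns 0xdeadbeef
 * instead of plausible old data, and a stale write leaves a trace. */
static void poison(struct item *it) {
    for (int i = 0; i < ITEM_WORDS; i++) it->w[i] = POISON;
}

void pool_init(void) {
    pool_nfree = pool_corrupt = 0;
    for (int i = 0; i < POOL_ITEMS; i++)
        poison(pool_free[pool_nfree++] = &pool_store[i]);
}

void *pool_get(void) {
    if (pool_nfree == 0) return NULL;
    struct item *it = pool_free[--pool_nfree];
    /* deadbeef check: a word that is no longer POISON was written while free; the kernel panics */
    for (int i = 0; i < ITEM_WORDS; i++)
        if (it->w[i] != POISON) {
            pool_corrupt++;
            fprintf(stderr, "%p word %d modified after free: 0x%08x\n", (void *)it, i, it->w[i]);
        }
    return it;  /* poison left in place: uninitialised use also shows as 0xdeadbeef */
}

void pool_put(void *p) { poison(p); pool_free[pool_nfree++] = p; }
int  pool_corruptions(void) { return pool_corrupt; }

/* Exercise both bug shapes. Returns the value read through the dangling
 * pointer (the poison, not the old 42); pool_corruptions() counts the stale write. */
uint32_t demo_use_after_free(void) {
    pool_init();
    uint32_t *p = pool_get();
    p[1] = 42;
    pool_put(p);
    uint32_t stale = p[1];  /* read after free */
    p[2] = 7;               /* write after free */
    (void)pool_get();       /* LIFO reuse hands p out again and checks it */
    return stale;
}
```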



Comments
  1. By Damien Miller (djm) djm@mindrot.org on http://www.mindrot.org/~djm/

    Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).

    Comments
    1. By Anonymous Coward (82.101.210.49) on

      > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).

      So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?

      Comments
      1. By tedu (udet) on

        > > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
        >
        > So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?

        The kernel pretty much by definition affects userland, but the request would have been better phrased s/programs/behaviors.

      2. By Ray (66.65.42.141) ray@cyth.net on http://cyth.net/~ray/

        > > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
        >
        > So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?

        Yes, sorry I was a bit hasty with publishing this article. Either way, though, testing is needed and much appreciated. Thanks!

  2. By Anonymous Coward (2a01:198:25d:0:20a:e4ff:fe32:17b2) on

    > Before release this should be backed out

    How about a sysctl or at least an ifdef?

    Comments
    1. By giezet (62.143.76.164) giezet@tkk.net.pl on

      > > Before release this should be backed out
      >
      > How about a sysctl or at least an ifdef?

      Hmm, I remember reading a report from a hackathon long, long ago. What I can remember very vividly is the conclusion that knobs should be avoided where possible. And quoting a snippet from theo.c:

      "#ifdef is for emacs developers."

      So, I rather doubt that this will happen :D On the other hand, what can stop us from adding an #ifdef manually? We don't need to be emacs developers to accomplish that by ourselves :)

    2. By Anonymous Coward (2a01:348:108:155:216:41ff:fe53:6a45) on

      > > Before release this should be backed out
      >
      > How about a sysctl or at least an ifdef?

      Then people would disable it rather than report the problems.

      Comments
      1. By Cabal (Cabal) on http://www.enginuity.org/

        > > > Before release this should be backed out
        > >
        > > How about a sysctl or at least an ifdef?
        >
        > Then people would disable it rather than report the problems.

        And people who run releases (and would never see it) would be able to turn it on.

        Comments
        1. By tedu (udet) on

          > > > > Before release this should be backed out
          > > >
          > > > How about a sysctl or at least an ifdef?
          > >
          > > Then people would disable it rather than report the problems.
          >
          > And people who run releases (and would never see it) would be able to turn it on.

          releases don't have bugs.

          Comments
          1. By Anonymous Coward (71.94.240.83) on

            > releases don't have bugs.

            hilarity ensues

        2. By phessler (phessler) on http://theapt.org

          > > > > Before release this should be backed out
          > > >
          > > > How about a sysctl or at least an ifdef?
          > >
          > > Then people would disable it rather than report the problems.
          >
          > And people who run releases (and would never see it) would be able to turn it on.

          the people that would turn it on would also run snapshots, which helps to make releases all that much better.
