diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-11-14 07:02:24 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-11-14 07:02:24 +0000 |
commit | 1ec84b09e9a6b35048e8c514f34afe1eaaf152ff (patch) | |
tree | 7d850dcc4a56f6b9765587f1a4a2c2db8cd2bb6a /sys/lib | |
parent | b654b6f72587ecd914178ccf1156e7e3beb9e793 (diff) |
For pledge "stdio", allow the break(2) system call which backends the brk/sbrk
library routines. The manpage declares, in bold:
The brk() and sbrk() functions are historical curiosities left over from
earlier days before the advent of virtual memory management.
In our base tree, only one program uses these functions -- cc1 in the
gcc toolset. A historical curiosity using a historical curiosity, how
quaint. brk is used because precompiled c headers are not position
independent. Another program which relies upon brk is emacs. Other
uses of brk are EXCEEDINGLY RARE, because most software grew up and
use modern practices such as malloc and mmap, thereby gaining ASLR
benefits. Position independence has become an important part of
mitigations. These two programs fight such improvements.
Permitting brk/sbrk allows the large attack surface of cc1 to be pledged.
"I would rather have cc1 pledged than purity in pledge" guenther
Diffstat (limited to 'sys/lib')
0 files changed, 0 insertions, 0 deletions