For "sensitive" processes, we always set the 'A' flag which causes abort()

to be called on first sight of trouble. "sensitive" is somewhat arbitrarily defined as "setuid, setgid, uid == root or gid == wheel". The 'A' option carries no performance penalty. It is not possible to override this setting: fix the program instead. Absentmindedly nodded OK to by: various
2003-01-23 21:26:47 +00:00 · 2003-01-23 21:26:47 +00:00 · e0c2da42ec
commit e0c2da42ec
parent fd045cf566
1 changed files with 7 additions and 0 deletions
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@ -465,6 +465,13 @@ malloc_init ()
 	}
    }

+    /*
+     * Sensitive processes, somewhat arbitrarily defined here as setuid,
+     * setgid, root and wheel cannot afford to have malloc mistakes.
+     */
+    if (issetugid() || getuid() == 0 || getgid() == 0)
+	    malloc_abort = 1;
+
    UTRACE(0, 0, 0);

    /*