2005-09-28
Recently, a good friend of mine forwarded me an article from kerneltrap.org, which talked about a new heap implementation that's being introduced into an upcoming release of the OpenBSD operating system. This article was of specific interest to me, as I have been experimenting with the creation of a more secure heap implementation myself.

For example, let's say you allocated a big chunk of memory, and the heap returned a chunk of memory for you.
[ CHUNK ] <-- void *chunk;
[ CHUNK ]
[ CHUNK ]
Guard pages would basically look like this:
[ GUARD PAGE ]
[ CHUNK ] <-- void *chunk;
[ CHUNK ]
[ CHUNK ]
[ SLACK SPACE ] (dependent on chunk size)
[ GUARD PAGE ]
And as such, if you accessed the byte of memory before your chunk began, you would be touching the guard page, which would cause an exception. Because of page boundaries, the guard page following your chunk may not be immediately adjacent to it, but it will be between your chunk and any subsequent chunks. The point is any access of the guard pages is invalid, and will cause an immediate exception.
Guard pages only separate individual chunks when they are of a specific size; smaller chunks are allocated pseudo-randomly within a single guard-page protected chunk.
Hope that helps, drop me a line personally if you have any further questions.
And, with regard to the three BSDs, I'm assuming that you're forgetting about NetBSD. The three most popular branches of BSD are FreeBSD, OpenBSD, and NetBSD (probably in that order).
bash-3.00$ uname
NetBSD
If you're a fan of BSD, I'd strongly encourage you to give it a try.
J.
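
The guard-page layout described in the comment above, as an added C example (not part of the original comment and not OpenBSD's malloc code). The helper names guarded_alloc and write_faults are hypothetical, and the code assumes a POSIX system with mmap, mprotect and fork; each probe write runs in a child process so the fault can be observed without killing the caller.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANON on glibc */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not OpenBSD's malloc): guard page, chunk, guard page. */
void *guarded_alloc(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t body = (size + page - 1) / page * page; /* chunk + slack space */
    /* Map the whole range inaccessible, then open up only the middle. */
    unsigned char *base = mmap(NULL, body + 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, body, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, body + 2 * page);
        return NULL;
    }
    return base + page; /* first byte after the leading guard page */
}

/* Write one byte at addr in a child process. Returns 1 if the child was
 * killed by SIGSEGV/SIGBUS, 0 if the write succeeded, -1 on error. */
int write_faults(void *addr)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        *(volatile unsigned char *)addr = 0x41;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

int main(void)
{
    unsigned char *c = guarded_alloc(100); /* constructed request size */
    printf("byte before chunk faults: %d, slack byte faults: %d\n",
           c ? write_faults(c - 1) : -1, c ? write_faults(c + 100) : -1);
    return c ? 0 : 1;
}
```

With a 100-byte request, the byte just before the chunk faults, while a write just past the chunk lands in slack space and goes undetected until it reaches the trailing guard page.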