Comment 31 for bug 1266492

Steve Beattie (sbeattie) wrote :

Here's a patch to glibc to set the default value of MALLOC_CHECK_ to 1 (from 3). By doing so, the malloc-specific error passed to malloc_printerr() will still be displayed by default, but libc will not attempt to generate a backtrace, which is what is causing the deadlock to occur. Even if the deadlock weren't a problem, it's also valuable from a security perspective, as attempting to malloc() from the same pool that libc has already detected an attacker has corrupted is likely unsafe, and may grant an attacker a chance to regain control. This is also the reason for adding the MALLOC_CHECK_ variable to the list of environment variables for filtering when setuid/setgid programs are invoked.

People wishing to see the backtrace for debugging purposes can get the old default behavior back by setting MALLOC_CHECK_=3 in their environment.

I've verified that eglibc builds fine with this change, and that xorg-server 2:1.14.5-1ubuntu2 (which does not contain the workaround that Martin added in 2:1.14.5-1ubuntu3, and thus would normally trigger the ld/glibc hang on i386) also builds fine when built against eglibc with this patch on all arches.

Fixing this of course doesn't address the binutils bug where ld is corrupting malloc space, or the dpkg-buildflags hardening flaw around -static and -pie (doko, is there a bug already for that?), but it will stop builds from hanging.

Note that I don't have upload privileges, so all my patches will need to be sponsored.