Re: malloc freelists

2014-05-01 Thread Bob Beck
because it's better than one. frankly, it's a starting point. if 8 or 42 is better we can tune from there. or replace it with something that's better to do the same thing - if that can be come up with. Do you have a better suggestion?

On Thu, May 1, 2014 at 12:52 PM, Marc Espie wrote:
> Sorry,

Re: malloc freelists

2014-05-01 Thread Ted Unangst
On Thu, May 01, 2014 at 20:52, Marc Espie wrote:
> Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
> you didn't explain at all why 4, and not 3 or 6, or 42 ? If it's good with
> 4, it ought to be better with more, right ? any data point or rationale for
> choosing 4 ?

Th

Re: malloc freelists

2014-05-01 Thread Theo de Raadt
> Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
> you didn't explain at all why 4, and not 3 or 6, or 42 ? If it's good with
> 4, it ought to be better with more, right ? any data point or rationale for
> choosing 4 ?

Why does Ted have to explain his heuristic? Should

Re: malloc freelists

2014-05-01 Thread Marc Espie
Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but you didn't explain at all why 4, and not 3 or 6, or 42 ? If it's good with 4, it ought to be better with more, right ? any data point or rationale for choosing 4 ?

Re: malloc freelists

2014-05-01 Thread Marc Espie
Okay, the question is: why 4 ? why not 3 ? or 2 ? or 8 ? Where do you stop ? how did you figure out that 4 was better ? This looks a bit like "hey, let's make our own crypto code, it ought to work just fine, right ?"

Re: malloc freelists

2014-05-01 Thread Bob Beck
Lots of things get allocated with malloc. Including structures with function pointers in them. I don't count myself as an exploit expert, but I do know if I can manage to get to a situation where I have a writable, predictable location in memory that I know will get called in short order by someth

Re: malloc freelists

2014-05-01 Thread Ted Unangst
On Thu, May 01, 2014 at 15:57, Damien Miller wrote:
> On Thu, 1 May 2014, Ted Unangst wrote:
>
>> What's better than a freelist? Four freelists!
>
> Apart from moar = better, what's the motivation? Do you have a particular
> attack in mind? The only thing I can think of where this change might he

Re: malloc freelists

2014-04-30 Thread Damien Miller
On Thu, 1 May 2014, Ted Unangst wrote:
> What's better than a freelist? Four freelists!

Apart from moar = better, what's the motivation? Do you have a particular attack in mind? The only thing I can think of where this change might help is an attack that speculatively spams small offsets from the

malloc freelists

2014-04-30 Thread Ted Unangst
What's better than a freelist? Four freelists! For each chunk size, pick one of four freelists at random. This scatters allocations about some more and eliminates the guarantee that consecutive allocations will always be on the same page. Technically, there is no bound to how much memory will be