[Kde-nonlinux] Next KDE should be tested on OpenBSD 3.8 before release

Tue Aug 23 16:21:55 CEST 2005

[from kerneltrap]

OpenBSD: Improved Memory Allocation, Beta Testing 3.8
Posted by Jeremy on Tuesday, August 23, 2005 - 03:32

In a recent email, OpenBSD creator Theo de Raadt [interview] described 
a number of modifications to how OpenBSD allocates memory. In preparation 
for the upcoming 3.8 release, Theo asked for people to beta test -current as 
the recent modifications will likely cause instabilities in many applications. 
One of the modifications was to make the mmap system call return a random 
memory address, as well ensuring "that two objects are not mapped next to 
each other; in effect, this creates unallocated memory which we call a 'guard 
page'." Another was to update the malloc function to use mmap to obtain 
memory. Finally, the free function was updated to immediately return memory 
to the kernel and un-allocate it from the calling process. Additional changes 
were also made, but unlike these three the additional changes are not enabled 
by default as they are "too dangerous for normal software or cause too much 
of a slowdown".

Theo points out that these changes have a couple of significant impacts. He 
explains that for over a decade efforts have been made to find and fix buffer 
overflows, and more recently bugs have been found in which software is reading 
before the start of a buffer, or beyond the end of the buffer. With these recent 
memory allocation changes, such an attempt will cause the application to coredump
 with a SIGSEGV signal. Additionally, now that memory is unmapped as soon as 
it is freed, any attempt to access freed memory will also cause the application 
to coredump with a SIGSEGV signal. He explained, "we expect that our malloc 
will find more bugs in software, and this might hurt our user community in the 
short term. We know that what this new malloc is doing is perfectly legal, but 
that realistically some open source software is of such low quality that it is just 
not ready for these things to happen." Hence the request for beta testers to 
help track down these misbehaving applications. Theo concluded, "instead of 
saying that OpenBSD is busted in this regard, please realize that the software
 which is crashing is showing how shoddily it was written. Then help us fix it. 
For everyone.. not just OpenBSD users."

-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!