Time to disable BIND 9 custom malloc by default?
paul at redbarn.org
Fri Apr 11 09:39:27 UTC 2014
Shane Kerr wrote:
> One thing that came up in the midst of the Heartbleed thingy is that it
> possibly could have been discovered and mitigated a lot sooner if
> OpenSSL used the default system malloc() libraries:
> BIND 9 also has its own memory handler, which is also on by default
> IIRC. Perhaps it is time to consider disabling this?
on that basis, no. there's an option in the BIND9 memory allocator to
fill returned blocks with 0x5e or similar. theo's openbsd approach isn't
the only way to handle this.
> (I am also skeptical that there is any performance gain on modern
> systems, and quite possibly also unneeded memory bloat, but probably
> the security gain by itself is enough to encourage using the standard
> system libraries...)
on this basis, yes. on every modern linux and bsd system i have access
to, there is no performance advantage to the BIND9 approach, and often
there is a disadvantage. the problem is especially bad given threads.
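
An added example, not part of the original message and not BIND 9's allocator code: a minimal caching pool showing why recycled blocks can expose a previous owner's data, and how filling blocks on return with 0x5e (the value named in the reply) removes it. The names pool_t, pool_get, pool_put and leaked_bytes, the 64-byte block size and the secret string are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 64
#define FILL_BYTE  0x5e  /* fill value named in the post */
static const char SECRET[] = "constructed-secret-key";  /* constructed sample */

/* Hypothetical pool: freed blocks are cached on a free list and never
 * returned to the system malloc(), so its hardening never sees them. */
typedef union block {
    union block  *next;              /* link while on the free list */
    unsigned char data[BLOCK_SIZE];  /* payload while in use */
} block_t;
typedef struct { block_t slab[4]; block_t *free_list; int fill_on_free; } pool_t;
static void pool_init(pool_t *p, int fill_on_free) {
    memset(p, 0, sizeof *p);
    p->fill_on_free = fill_on_free;
    for (size_t i = 0; i < 4; i++) {
        p->slab[i].next = p->free_list;
        p->free_list = &p->slab[i];
    }
}
static void *pool_get(pool_t *p) {
    block_t *b = p->free_list;
    if (b == NULL) return NULL;
    p->free_list = b->next;
    return b->data;
}
static void pool_put(pool_t *p, void *ptr) {
    block_t *b = ptr;
    if (p->fill_on_free) memset(b->data, FILL_BYTE, BLOCK_SIZE);
    b->next = p->free_list;  /* link overwrites the first pointer-sized bytes */
    p->free_list = b;
}
/* Bytes of the previous owner's secret still readable by the next owner. */
static size_t leaked_bytes(int fill_on_free) {
    pool_t pool;
    pool_init(&pool, fill_on_free);
    unsigned char *a = pool_get(&pool);
    memcpy(a + 16, SECRET, sizeof SECRET - 1);  /* past the link field */
    pool_put(&pool, a);
    unsigned char *b = pool_get(&pool);         /* LIFO: same block again */
    size_t n = 0;
    for (size_t i = 0; i < sizeof SECRET - 1; i++)
        n += (b[16 + i] == (unsigned char)SECRET[i]);
    return n;
}
int main(void) {
    printf("no fill: %zu leaked, fill: %zu leaked\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Without the fill, the whole secret survives the put/get cycle; with it, the next owner reads only 0x5e bytes.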