From 8d433414eb1290d73940f56d046dc891b4543563 Mon Sep 17 00:00:00 2001 From: phk Date: Thu, 23 Jan 2003 21:26:47 +0000 Subject: For "sensitive" processes, we always set the 'A' flag which causes abort() to be called on first sight of trouble. "sensitive" is somewhat arbitrarily defined as "setuid, setgid, uid == root or gid == wheel". The 'A' option carries no performance penalty. It is not possible to override this setting: fix the program instead. Absentmindedly nodded OK to by: various --- lib/libc/stdlib/malloc.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/libc') diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index fdcc751..3cd58f7 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -465,6 +465,13 @@ malloc_init () } } + /* + * Sensitive processes, somewhat arbitrarily defined here as setuid, + * setgid, root and wheel cannot afford to have malloc mistakes. + */ + if (issetugid() || getuid() == 0 || getgid() == 0) + malloc_abort = 1; + UTRACE(0, 0, 0); /* -- cgit v1.1
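Review bot: in the added condition "if (issetugid() || getuid() == 0 || getgid() == 0)", the getgid() test covers only the real primary group, so a process whose user belongs to wheel solely through a supplementary group is not treated as sensitive, although the commit message and the new comment both say "wheel". Either include the supplementary group list in the check (for example via getgroups()) or reword the comment to say "primary gid 0", so the code and its description agree. The comment would also read more clearly if it stated that the literal 0 in the getgid() comparison stands for wheel. Separately, the diffstat shows only lib/libc/stdlib/malloc.c changing, while the commit message says the setting cannot be overridden; that forced 'A' behaviour for these processes should be described in the malloc manual page in the same change, so that a user who sees an unexpected abort() can find out why the option settings were ignored.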