samhain 3.1.0-5ubuntu1 / usr / share / doc / samhain / manual.html / dnmalloc.html

This file is indexed.

/usr/share/doc/samhain/manual.html/dnmalloc.html is in samhain 3.1.0-5ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Remarks on the dnmalloc allocator</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Samhain Host Integrity Monitoring System"
HREF="index.html"><LINK
REL="UP"
TITLE="General usage notes"
HREF="usage.html"><LINK
REL="PREVIOUS"
TITLE="Runtime options: command-line &#38; configuration file"
HREF="options-configuration-file.html"><LINK
REL="NEXT"
TITLE="Support / Bugs / Problems"
HREF="support.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="./docbook.css"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/header.html"--><!--#endif --><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Samhain Host Integrity Monitoring System</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="options-configuration-file.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. General usage notes</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="support.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="DNMALLOC"
>3.10. Remarks on the dnmalloc allocator</A
></H1
><P
>As a proactive security measure, since version 2.4.5, 
<SPAN
CLASS="APPLICATION"
>samhain</SPAN
> ships with
<SPAN
CLASS="APPLICATION"
>dnmalloc</SPAN
> 
(<A
HREF="http://fort-knox.org/"
TARGET="_top"
>Dnmalloc Site</A
>), a safer allocator 
that isn't vulnerable by heap buffer overflows and/or double free errors. 
I.e. with dnmalloc, it's not possible to exploit such errors to run 
arbitrary code.</P
><P
>If you want to disable dnmalloc, you can do so at compile time with  
<B
CLASS="COMMAND"
>./configure --disable-dnmalloc [more options]</B
>.</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="./stylesheet-images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="MIDDLE"
><B
>Unsupported operating systems</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>  The dnmalloc allocator doesn't work on: OpenBSD (problems with pthread
  internals), Cygwin (also pthread internals), and 64bit FreeBSD. On 64bit AIX,
  you need to compile as a 32bit application, or to forego dnmalloc.</P
></TD
></TR
></TABLE
></DIV
><P
>  Speed and memory overhead of dnmalloc:
  <P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Speed</DT
><DD
><P
>	 Dnmalloc is as fast, or sometimes faster than, the GNU libc 
	 allocator (which is based on ptmalloc).
       </P
></DD
><DT
>Memory overhead</DT
><DD
><DIV
CLASS="TIP"
><P
></P
><TABLE
CLASS="TIP"
WIDTH="90%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="./stylesheet-images/tip.gif"
HSPACE="5"
ALT="Tip"></TD
><TH
ALIGN="LEFT"
VALIGN="MIDDLE"
><B
>Reserved memory</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>	  &quot;Reserved momory&quot; is the amount of memory that the 
	  operating system has reserved for an application, is backed by 
	  physical reasources (RAM or swap),
	  and hence is not available for other applications. In other words, 
	  &quot;reserved momory&quot; is the actual resource usage of an 
	  application.
	</P
><P
>	  Because of deferred memory allocation, reserved memory can be 
	  less than what
	  an application has asked for, since memory is only reseved 
	  when it is used.
	</P
></TD
></TR
></TABLE
></DIV
><P
>	  The actual memory overhead of dnmalloc is in the 
	  range of 20 per cent or less.
	</P
><P
>	  On top of that, dnmalloc allocates a huge (128MB/256MB for 
	  32bit/64bit systems) table on startup. <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>This is basically 
	  a non-issue</I
></SPAN
>, since this table is only sparsely used, 
	  and hence contributes very little to the &quot;reserved memory&quot;,
	  i.e. the actual resource usage of dnmalloc.
	</P
><P
>	  Both 'top' and 'ps' include this table in the 'virtual size' 
	  (columns VIRT/VSZ in top/ps) of an application using dnmalloc, thus 
	  giving the incorrect impression that physical swap storage would be 
	  required to back this table, if it's not resident in RAM (columns 
	  RES/RSS in top/ps). In fact, since most parts of this table are 
	  never used, no physical storage (neither RAM nor swap) is ever 
	  reserved for them. Note that this is not true anymore if (on Linux) 
	  you've switched off overcommiting completely 
	  (<B
CLASS="COMMAND"
>echo 2 &#62; /proc/sys/vm/overcommit_memory</B
>).
	</P
></DD
></DL
></DIV
></P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="options-configuration-file.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="support.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Runtime options: command-line &amp; configuration file</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="usage.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Support / Bugs / Problems</TD
></TR
></TABLE
></DIV
><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/footer.html"--><!--#endif --></BODY
></HTML
>

APT Browse - Built by Thomas Orozco.