Robert Connolly robert at
Mon Mar 26 18:12:36 PDT 2007

Hi. It looks like adding MUDFLAP_OPTIONS to unsecvars.h in Glibc works 
perfectly at keeping anyone, including root, from setting MUDFLAP_OPTIONS on 
an suid program.

Now I'm looking at gcc-4.1.2/libmudflap/mf-runtime.c, around line 300, at the 
__mf_set_default_options function, to change this:

  __mf_opts.violation_mode = viol_nop;

to this:

  __mf_opts.violation_mode = viol_abort;

so the default is to abort, instead of doing nothing.

Mudflap isn't meant as a security aid, but I think its better than not using 
it at all. I'd like to also add a syslog function to libmudflap to report on 
suid 0 aborts. Can any of you think of anything I'm not considering with 
this, like another backdoor to mudflap?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the hlfs-dev mailing list