JustinAzoff / zeek-jemalloc-profiling

a zeekctl plugin that helps configure MALLOC_CONF for profiling
MIT License

MALLOC_CONF and setcap zeek executable #3

Open awelzel opened 1 year ago

awelzel commented 1 year ago

I got stuck for a bit wondering why MALLOC_CONF wouldn't be recognized when the zeek executable has file capabilities, and initial searching brought me to the following PR:

https://github.com/jemalloc/jemalloc/pull/174

I wonder if we should somehow mention how to work around this if there's a work-around?

Does it generally mean that Zeek needs to run as root to use zeek-jemalloc-profiling?

JustinAzoff commented 1 year ago

Ah. I forgot all about that problem. I actually ran into that ages ago with Suricata... took me ages to track down.

I think the problem that it fixes isn't so much the "tunables" but that an attacker could turn on profiling and use the profiling to write files in places they shouldn't be able to.

I suppose adding something to the README would work. Would be nice if this could be detected and warned about, but the place to do that would be in Zeek, and adding jemalloc code inside of Zeek would be a bit weird.
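
An added example, not code from this repository, Zeek or jemalloc: one way a zeekctl-side check could detect the situation discussed in this thread before starting Zeek. It assumes Linux, where file capabilities live in the `security.capability` extended attribute and where setuid, setgid or file capabilities can put the new process into secure-execution mode; the function names `secure_exec_reasons` and `malloc_conf_warning` are hypothetical.

```python
import os
import stat

# Extended attribute in which Linux stores file capabilities (set by setcap).
CAP_XATTR = "security.capability"


def secure_exec_reasons(path):
    """Return the properties of `path` that can trigger secure-execution mode."""
    reasons = []
    mode = os.stat(path).st_mode  # follows symlinks, as exec does
    if mode & stat.S_ISUID:
        reasons.append("setuid bit")
    if mode & stat.S_ISGID:
        reasons.append("setgid bit")
    getxattr = getattr(os, "getxattr", None)  # only available on Linux
    if getxattr is not None:
        try:
            if getxattr(path, CAP_XATTR):
                reasons.append("file capabilities")
        except OSError:
            # Attribute absent, or the filesystem has no xattr support.
            pass
    return reasons


def malloc_conf_warning(path, environ=None):
    """Return a warning string if MALLOC_CONF is set but likely to be ignored.

    Assumption (from the thread above): jemalloc does not honour MALLOC_CONF
    when the executable runs with file capabilities.
    """
    environ = os.environ if environ is None else environ
    if "MALLOC_CONF" not in environ:
        return None
    reasons = secure_exec_reasons(path)
    if not reasons:
        return None
    return "%s has %s; MALLOC_CONF may be ignored" % (path, ", ".join(reasons))


if __name__ == "__main__":
    import sys
    # Path to the zeek binary is supplied by the caller.
    message = malloc_conf_warning(sys.argv[1])
    print(message or "no secure-execution triggers found")
```
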