Is there a way to mark a chunk of allocated memory readonly?
If I allocate some memory using malloc(), is there a way to mark it read-only, so that memcpy() fails if someone attempts to write to it?
This is connected to a faulty API design where users are misusing a const pointer returned by a method GetValue() which is part of a large memory structure. Since we want to avoid copying a large chunk of memory, we return a live pointer into structured memory which is of a specific format. Now the problem is that some users have found a hack to get their stuff working by writing to this memory directly and avoiding the SetValue() call that does the allocation and properly handles the in-memory binary format that we have developed. Although their hack sometimes works, sometimes it causes a memory access violation due to incorrect interpretation of control flags which have been overwritten by the user.
Educating users is one task, but let's say for now we want their code to fail. I am just wondering if we can simply protect against this case.
For analogy, assume someone gets a blob column from an sqlite statement and then writes back to it. Although in the case of sqlite it will not make sense, this is somewhat what is happening in our case.
On most hardware architectures you can only change protection attributes on entire memory pages; you can't mark a fragment of a page read-only.
The relevant APIs are: mprotect() on Unix; VirtualProtect() on Windows. You'll need to ensure that the memory page doesn't contain anything that you don't want to make read-only. To do this, you'll either have to overallocate with malloc(), or use a different allocation API, such as mmap(), posix_memalign() or VirtualAlloc().
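The following is an added example (not code from the original answer or from the asker's project) showing the page-granular approach on Linux/POSIX: the buffer is allocated page-aligned and rounded up to whole pages with posix_memalign(), filled, then made read-only with mprotect(PROT_READ). A SIGSEGV handler with sigsetjmp/siglongjmp lets the program observe that a direct store now faults instead of silently corrupting the structure, and a misaligned mprotect() call is shown to be rejected, which is why the alignment matters. The buffer contents, the 100-byte size and the helper names (alloc_whole_pages, make_readonly, write_is_trapped, readonly_demo) are constructed for the demo.

```c
/* Added example: page-granular read-only protection with mprotect().
 * Assumes glibc/Linux: posix_memalign(), mprotect(), sysconf(), sigaction().
 * Buffer contents and sizes below are constructed for the demo. */
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;

/* SIGSEGV/SIGBUS handler: unwind back into write_is_trapped(). */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Allocate at least len bytes, page-aligned and rounded up to whole pages,
 * so the buffer shares no page with other heap objects.  The rounded length
 * (what mprotect() must be given) is returned through *out_len. */
void *alloc_whole_pages(size_t len, size_t *out_len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t rounded = (len + page - 1) / page * page;
    void *p = NULL;
    if (posix_memalign(&p, page, rounded) != 0)
        return NULL;
    *out_len = rounded;
    return p;
}

int make_readonly(void *p, size_t len) { return mprotect(p, len, PROT_READ); }
int make_writable(void *p, size_t len) { return mprotect(p, len, PROT_READ | PROT_WRITE); }

/* Attempt a one-byte store through p.  Returns 1 if the CPU faulted (the
 * write was blocked by the page protection), 0 if the store went through. */
int write_is_trapped(volatile char *p) {
    struct sigaction sa, old_segv, old_bus;
    volatile int trapped = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some platforms report SIGBUS instead */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *p = 'X';                        /* faults when the page is read-only */
    } else {
        trapped = 1;                     /* landed here via siglongjmp() */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return trapped;
}

/* Walk through the scenario from the question: fill, lock, observe that a
 * direct write faults, then unlock for the owner's own SetValue()-style path.
 * Returns 0 on success or a negative code naming the step that failed. */
int readonly_demo(void) {
    size_t len = 0;
    char *buf = alloc_whole_pages(100, &len);   /* constructed: 100 bytes wanted */
    if (buf == NULL) return -1;
    strcpy(buf, "structured payload");          /* fill while still writable */

    if (make_readonly(buf, len) != 0) return -2;
    if (strcmp(buf, "structured payload") != 0) return -3;  /* reads still work */
    if (!write_is_trapped(buf)) return -4;      /* a direct store must now fault */

    /* mprotect() works only on page boundaries: a start address that is not
     * page-aligned is rejected (EINVAL on Linux).  This is why the buffer was
     * allocated page-aligned instead of taken straight from malloc(). */
    if (mprotect(buf + 1, len, PROT_READ) == 0) return -5;

    if (make_writable(buf, len) != 0) return -6; /* owner re-enables writes */
    buf[0] = 'S';
    free(buf);
    return 0;
}

int main(void) {
    int rc = readonly_demo();
    printf("readonly_demo: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

Two caveats follow from the example: the whole page is locked, so any other object placed on the same page by the allocator would be locked too (hence posix_memalign() rather than plain malloc()), and the protection is enforced by the MMU only at page granularity, so a client that keeps the pointer and writes to it gets a fault rather than a clean error code; the owning code has to toggle the page back to writable around its own updates.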
Depends on the platform. On Linux, you could use mprotect() (http://linux.die.net/man/2/mprotect).
On Windows you might try VirtualProtect() (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366898(v=vs.85).aspx). I've never used it though.
Edit: This is not a duplicate of NPE's answer. NPE originally had a different answer; it was edited later and mprotect() and VirtualProtect() were added.
"a faulty API design where users are misusing a const pointer returned by a method GetValue() which is part of a large memory structure. Since we want to avoid copying a large chunk of memory we return a live pointer within a structured memory which is of a specific format"
That is not clearly a faulty API design. An API is a contract: you promise your class will behave in a particular way, clients of the class promise to use the API in the proper manner. Dirty tricks like const_cast are improper (and in some, but not all, cases have undefined behaviour).
It would be faulty API design if using const_cast led to a security issue. In that case you must copy the chunk of memory, or redesign the API. This is the norm in Java, which does not have the equivalent of const (despite const being a reserved word in Java).
Obfuscate the pointer, i.e. return to the client the pointer plus an offset; now they can't use the pointer directly. Whenever the pointer is passed to your code via the official API, subtract the offset and use the pointer as usual.