delphij's Chaos


28 Mar 2009

Overhaul of libc Berkeley DB has been committed

First of all, thanks go to all the people who have helped me with this project, especially Pav (portmgr@), who gave it a spin on pointyhat.

It has taken me almost a month and 20 commits to get this into the tree after the code was ready. At the beginning the changeset was ~200KB, and I believe it is not good to commit something like that all at once, since it makes reviewing hard. Instead, I manually split it into smaller, functionally related chunks and committed it part by part.

The overhauled libc Berkeley DB code consists of several enhancements. First, almost all Berkeley DB 1.86 improvements have been merged, except the new hash routines, which would introduce an unavoidable on-disk file format change and are therefore not a good candidate for the FreeBSD libc.

One changeset changes the mpool(3) interface. I doubt that any application makes use of it, but I provided a compatibility shim anyway.

This changeset also brings some security measures that reduce the risk of information leaks. When allocating data, libc now requests zeroed memory, and it zeroes buffer memory before free(). While I believe it is the client program’s responsibility to zero out any sensitive information, this makes it harder to dump sensitive data “by accident”. In the case of a reported security problem in postfix, it seems that zero-before-free is the more useful mitigation for that situation.
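The allocate-zeroed / zero-before-free pattern, as an added example of my own rather than code from the libc db commit. The `secbuf` type and its function names are assumptions made for the illustration; the example uses calloc() for the zeroed allocation. One caveat the example makes visible: a plain memset() immediately followed by free() is a dead store that an optimizing compiler may legally remove, so the wipe is done through a volatile function pointer, which keeps the compiler from proving the call has no effect.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example of the allocate-zeroed / zero-before-free pattern.
 * Not the FreeBSD libc db code; struct secbuf and the function names
 * below are made up for illustration.
 */

/*
 * memset() reached through a volatile function pointer. The compiler
 * cannot see through the volatile load, so it cannot treat the wipe
 * that precedes free() as a dead store and drop it. (explicit_bzero(3)
 * is the modern libc answer to the same problem.)
 */
static void *(*volatile wipe_memset)(void *, int, size_t) = memset;

struct secbuf {
    unsigned char *data;
    size_t len;
};

/* Allocate a buffer whose contents are zero from the start. */
int secbuf_alloc(struct secbuf *b, size_t len)
{
    b->data = calloc(1, len);      /* zeroed allocation, no stale heap data */
    if (b->data == NULL)
        return -1;
    b->len = len;
    return 0;
}

/* Overwrite the buffer contents with zeros without freeing it. */
void secbuf_wipe(struct secbuf *b)
{
    if (b->data != NULL && b->len > 0)
        wipe_memset(b->data, 0, b->len);
}

/* Wipe, then release; the caller's pointer and length are cleared too. */
void secbuf_free(struct secbuf *b)
{
    secbuf_wipe(b);
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

/* Returns 1 if every byte in the buffer is zero, else 0. */
int secbuf_is_zero(const struct secbuf *b)
{
    size_t i;
    for (i = 0; i < b->len; i++)
        if (b->data[i] != 0)
            return 0;
    return 1;
}

/* Check 1: a fresh allocation carries no leftover heap contents. */
int check_zeroed_on_alloc(void)
{
    struct secbuf b;
    int ok;
    if (secbuf_alloc(&b, 256) != 0)
        return 0;
    ok = secbuf_is_zero(&b);
    secbuf_free(&b);
    return ok;
}

/* Check 2: a buffer filled with a secret holds only zeros after the wipe. */
int check_wiped_before_free(void)
{
    struct secbuf b;
    int ok;
    if (secbuf_alloc(&b, 64) != 0)
        return 0;
    memcpy(b.data, "constructed-secret", 18); /* constructed sample secret */
    ok = !secbuf_is_zero(&b);                /* secret is present ... */
    secbuf_wipe(&b);
    ok = ok && secbuf_is_zero(&b);           /* ... and gone after the wipe */
    secbuf_free(&b);
    return ok && b.data == NULL;
}

int main(void)
{
    printf("zeroed on alloc:   %s\n", check_zeroed_on_alloc() ? "yes" : "no");
    printf("wiped before free: %s\n", check_wiped_before_free() ? "yes" : "no");
    return 0;
}
```

The second check only verifies the bytes before free() returns; what a given malloc implementation does with the chunk afterwards is outside the program's control, which is exactly why the wipe has to happen before the memory is handed back.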

This overhaul also brings several fixes for memory leaks and crashes.