2023-06-12 17:08:21 +01:00
|
|
|
= GrapheneOS hardened_malloc
|
|
|
|
|
|
2023-06-12 17:36:50 +01:00
|
|
|
Version: 0.0.0.6
|
2023-06-12 17:08:21 +01:00
|
|
|
|
|
|
|
|
|
2023-06-12 17:35:30 +01:00
|
|
|
This documentation contains instructions to use
|
2023-06-12 17:08:21 +01:00
|
|
|
https://github.com/GrapheneOS/hardened_malloc[GrapheneOS' hardened_malloc] memory allocator as the
|
|
|
|
|
system's default memory allocator. These instructions apply to both musl and glibc C libraries on
|
|
|
|
|
Unix-based and Unix-like systems.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
== Increase Permitted Amount of Memory Pages
|
|
|
|
|
|
2023-06-12 17:10:18 +01:00
|
|
|
Add `vm.max_map_count = 1048576` to `/etc/sysctl.conf` to accommodate hardened_malloc's large amount
|
2023-06-12 17:09:54 +01:00
|
|
|
of guard pages.
|
2023-06-12 17:08:21 +01:00
|
|
|
|
|
|
|
|
== Clone hardened_malloc Source Code
|
|
|
|
|
|
|
|
|
|
`git clone https://github.com/GrapheneOS/hardened_malloc.git`
|
|
|
|
|
|
|
|
|
|
== Enter hardened_malloc Local Git Repository
|
|
|
|
|
|
|
|
|
|
`cd hardened_malloc/`
|
|
|
|
|
|
|
|
|
|
== Compile hardened_malloc
|
|
|
|
|
|
|
|
|
|
`make <arguments>`
|
|
|
|
|
|
|
|
|
|
`CONFIG_N_ARENA=n` can be adjusted to increase parallel performance at the expense of memory usage,
|
|
|
|
|
or decrease memory usage at the expense of parallel performance, where `n` is an integer. For
|
|
|
|
|
low-memory systems, `VARIANT=light` can be used to compile the light variant of hardened_malloc,
|
|
|
|
|
which sacrifices some security for much less memory usage.
|
|
|
|
|
|
|
|
|
|
== Copy Compiled hardened_malloc Library
|
|
|
|
|
|
|
|
|
|
`cp out/libhardened_malloc.so <target_path>`
|
|
|
|
|
|
|
|
|
|
== Set System to Preload hardened_malloc on Boot
|
|
|
|
|
|
2023-06-12 17:36:13 +01:00
|
|
|
musl-based systems: Add `export LD_PRELOAD="<hardened_malloc_path>"` to `/etc/environment` +
|
2023-06-12 17:36:50 +01:00
|
|
|
+
|
2023-06-12 17:08:21 +01:00
|
|
|
glibc-based systems: Add `<hardened_malloc_path>` to `/etc/ld.so.preload`
|
