From 65215bc809964bbf7fa1e498012ecd5cc6699a94 Mon Sep 17 00:00:00 2001 From: inference Date: Mon, 12 Jun 2023 17:08:37 +0100 Subject: [PATCH] Add GrapheneOS hardened_malloc documentation version 0.0.0.0. --- security/hardened_malloc.adoc | 41 +++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 security/hardened_malloc.adoc diff --git a/security/hardened_malloc.adoc b/security/hardened_malloc.adoc new file mode 100644 index 0000000..92a6360 --- /dev/null +++ b/security/hardened_malloc.adoc @@ -0,0 +1,41 @@ += GrapheneOS hardened_malloc + +Version: 0.0.0.0 + + +This documentation contains the complete set of commands to use +https://github.com/GrapheneOS/hardened_malloc[GrapheneOS' hardened_malloc] memory allocator as the +system's default memory allocator. These instructions apply to both musl and glibc C libraries on +Unix-based and Unix-like systems. + + +== Increase Permitted Amount of Memory Pages + +Add `vm.max_map_count = 1048576` to `/etc/sysctl.conf` to accomodate hardened_malloc's large amount +of guard pages + +== Clone hardened_malloc Source Code + +`git clone https://github.com/GrapheneOS/hardened_malloc.git` + +== Enter hardened_malloc Local Git Repository + +`cd hardened_malloc/` + +== Compile hardened_malloc + +`make ` + +`CONFIG_N_ARENA=n` can be adjusted to increase parallel performance at the expense of memory usage, +or decrease memory usage at the expense of parallel performance, where `n` is an integer. For +low-memory systems, `VARIANT=light` can be used to compile the light variant of hardened_malloc, +which sacrifices some security for much less memory usage. + +== Copy Compiled hardened_malloc Library + +`cp out/libhardened_malloc.so ` + +== Set System to Preload hardened_malloc on Boot + +musl-based systems: Add `export LD_PRELOAD=` to `/etc/environment` + +glibc-based systems: Add `` to `/etc/ld.so.preload`
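Review bot: In the "Copy Compiled hardened_malloc Library" and "Set System to Preload hardened_malloc on Boot" sections the destination and preload values are empty (`cp out/libhardened_malloc.so `, `export LD_PRELOAD=`, and "Add `` to `/etc/ld.so.preload`"), so the steps cannot be followed as written. Please name one library path, or a clearly marked placeholder for it, and use the same value in all three places. The `make ` line in "Compile hardened_malloc" also ends in a trailing space where the options described in the following paragraph (`CONFIG_N_ARENA=n`, `VARIANT=light`) appear to belong, so show the full invocation there. Because an entry in `/etc/ld.so.preload` applies to every dynamically linked program on the system, the document should state that the library has to be installed at that path before the entry is added. The sysctl section adds the setting to `/etc/sysctl.conf` but does not say how it takes effect (for example `sysctl -p` or a reboot), and "accomodate" should be "accommodate".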