Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "Documentation - hardened_malloc" from version "5.0.1-beta.1" to "5.0.2-beta.1"

Browse Source
This commit is contained in:
inference 2024-06-26 20:49:40 +01:00
parent 7fc163b576
commit 20b5a7b781
Signed by: inference
SSH Key Fingerprint: SHA256:K/a677+eHm7chi3X4s77BIpLTE9Vge1tsv+jUL5gI+Y
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
documentation/hardened_malloc.xhtml
View File

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - hardened_malloc --> <!-- Inferencium - Website - Documentation - hardened_malloc -->
<!-- Version: 5.0.1-beta.1 --> <!-- Version: 5.0.2-beta.1 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -34,12 +34,16 @@
<section id="introduction"> <section id="introduction">
<p>This documentation contains instructions to use <p>This documentation contains instructions to use
<a href="https://github.com/GrapheneOS/hardened_malloc">hardened_malloc</a> <a href="https://github.com/GrapheneOS/hardened_malloc">hardened_malloc</a>
memory allocator as the system's default memory allocator. These instructions apply to both musl and memory allocator as the system's default memory allocator via dynamic linking as a shared library. These
glibc C libraries on Unix-based and Unix-like systems.</p> instructions apply to both musl and glibc C libraries on Linux-based systems.</p>
<p>hardened_malloc can also be used per-application and/or per-user, in which case root permissions are <p>hardened_malloc can also be used per-application and/or per-user, in which case root permissions are
not required; this documentation focuses on system-wide usage of hardened_malloc, assumes root not required; this documentation focuses on system-wide usage of hardened_malloc, assumes root
privileges, and assumes the compiled library will be located in a path readable and executable by all privileges, and assumes the compiled library will readable and executable by all users of the
users of the system.</p> system.</p>
<p>This documentation uses
<a href="https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html">Linux Filesystem Hierarchy Standard</a>
paths, with the modern <code>/usr/</code> merge approach of most Linux distributions. For non-standard
configurations, adjust the paths accordingly.</p>
<p>For the complete hardened_malloc documentation, visit its <p>For the complete hardened_malloc documentation, visit its
<a href="https://github.com/GrapheneOS/hardened_malloc#hardened_malloc">official documentation</a>.</p> <a href="https://github.com/GrapheneOS/hardened_malloc#hardened_malloc">official documentation</a>.</p>
<p>This documentation is also available in portable AsciiDoc format in my <p>This documentation is also available in portable AsciiDoc format in my
@ -78,6 +82,7 @@
whereas lower values prefer lower memory usage. Note that having too many arenas may cause memory whereas lower values prefer lower memory usage. Note that having too many arenas may cause memory
fragmentation and decrease system performance. The number of arenas has no impact on the security fragmentation and decrease system performance. The number of arenas has no impact on the security
properties of hardened_malloc.</p> properties of hardened_malloc.</p>
<div style="overflow-x:auto;">
<table align="center"> <table align="center">
<thead> <thead>
<tr> <tr>
@ -94,9 +99,10 @@
</tr> </tr>
</tbody> </tbody>
</table> </table>
</div>
<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to control <p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to control
whether whether
<a href="https://www.kernel.org/doc/html/v6.7/core-api/protection-keys.html">Memory Protection Keys</a> <a href="https://www.kernel.org/doc/html/v6.9/core-api/protection-keys.html">Memory Protection Keys</a>
are used to disable access to all writable allocator state outside of the memory allocator code. are used to disable access to all writable allocator state outside of the memory allocator code.
It's currently disabled by default due to a significant performance cost for this use case on It's currently disabled by default due to a significant performance cost for this use case on
current-generation hardware. Whether or not this feature is enabled, the metadata is all contained current-generation hardware. Whether or not this feature is enabled, the metadata is all contained
@ -107,17 +113,17 @@
the security sacrifices over the full variant.</p> the security sacrifices over the full variant.</p>
<p>For all compile-time options, see the <p>For all compile-time options, see the
<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a> <a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
of hardened_malloc's extensive official documentation.</p> of hardened_malloc's official documentation.</p>
</section> </section>
<section id="copy_library"> <section id="copy_library">
<h2><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2> <h2><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2>
<p><code># cp out/libhardened_malloc.so <var>&lt;target path&gt;</var></code></p> <p><code># cp out/libhardened_malloc.so /usr/local/lib/libhardened_malloc.so</code></p>
</section> </section>
<section id="preload_on_boot"> <section id="preload_on_boot">
<h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2> <h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
<p><b>musl-based systems:</b> Add <code>LD_PRELOAD=<var>&lt;hardened_malloc path&gt;</var></code> to <p><b>musl-based systems:</b> Add <code>LD_PRELOAD=/usr/local/lib/libhardened_malloc.so</code> to
<code>/etc/environment</code></p> <code>/etc/environment</code></p>
<p><b>glibc-based systems:</b> Add <code><var>&lt;hardened_malloc path&gt;</var></code> to <p><b>glibc-based systems:</b> Add <code>/usr/local/lib/libhardened_malloc.so</code> to
<code>/etc/ld.so.preload</code></p> <code>/etc/ld.so.preload</code></p>
</section> </section>
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div> <div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>