This documentation contains instructions for using the hardened_malloc memory allocator as the system's default memory allocator. These instructions apply to both the musl and glibc C libraries on Unix-based and Unix-like systems.
hardened_malloc can also be used per-application and/or per-user, in which case root permissions are not required; this documentation focuses on system-wide usage of hardened_malloc, assumes root privileges, and assumes the compiled library will be located in a path readable and executable by all users of the system.
For the complete hardened_malloc documentation, visit its official documentation.
This documentation is also available in portable AsciiDoc format in my documentation source code repository.
Add vm.max_map_count = 1048576 to /etc/sysctl.conf to accommodate hardened_malloc's large number of guard pages. The file is applied at boot by the init system's sysctl step; to apply the new value to the running kernel immediately, run sysctl -p as root.
$ git clone https://github.com/GrapheneOS/hardened_malloc.git
$ cd hardened_malloc/
$ make <arguments>
CONFIG_N_ARENA=n, where n is an integer, sets the number of arenas and trades memory usage against parallel performance: higher values favour parallel performance at the expense of memory usage, lower values favour lower memory usage at the expense of parallel performance. Note that having too many arenas may cause memory fragmentation and decrease system performance. The number of arenas has no impact on the security properties of hardened_malloc.
Minimum number of arenas: 1
Maximum number of arenas: 256
For extra security, CONFIG_SEAL_METADATA=true can be used to control whether Memory Protection Keys are used to disable access to all writable allocator state outside of the memory allocator code; this requires a CPU and kernel with Memory Protection Keys support. It is currently disabled by default due to a significant performance cost for this use case on current generation hardware. Whether or not this feature is enabled, the metadata is all contained within an isolated memory region with high entropy random guard regions around it.
For low-memory systems, VARIANT=light can be used to compile the light variant of hardened_malloc, which sacrifices some security for much less memory usage. This option still produces a more hardened memory allocator than both the default musl and glibc allocators, despite the security sacrifices compared to the full variant.
For all compile-time options, see the configuration section of hardened_malloc's extensive official documentation.
# cp out/libhardened_malloc.so <target path>
The copied library must be owned by root and readable and executable by every user (for example mode 0755), because every user's processes will map it; a library that some users cannot read produces a loader error at every program start for those users.
musl-based systems: Add export LD_PRELOAD="<hardened_malloc path>" to /etc/environment. musl has no system-wide preload file, so the library is injected through the LD_PRELOAD environment variable. /etc/environment is read by pam_env at login, so the allocator is only preloaded into login sessions and the processes they start, not into services launched directly by init, and musl ignores LD_PRELOAD for set-user-ID programs.
glibc-based systems: Add <hardened_malloc path> (an absolute path) to /etc/ld.so.preload. The glibc dynamic loader reads this file for every dynamically linked program on the system, set-user-ID programs included, so it takes effect for newly started processes without a new login; keep the file root-owned and not writable by other users, since anything listed in it is loaded into every process.
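The whole system-wide procedure described on this page (sysctl setting, installing the built library, registering it with the loader for musl or glibc, and checking that a process actually mapped it) as an added shell example. This is not code from hardened_malloc or from the original page. It assumes the library has already been built with make as shown above and that the default variant was built, so the library sits at out/libhardened_malloc.so; LIB_SRC, LIB_DEST, the ROOT prefix argument and the --apply flag are placeholders chosen here. The ROOT prefix lets the file-editing functions be exercised against a scratch directory instead of the live system (pass an empty string for the real root). Each function is idempotent, so re-running it does not append duplicate sysctl or preload entries.

```shell
#!/bin/sh
# Added example (not part of hardened_malloc or the original page): the
# system-wide installation steps as shell functions, plus a check that a
# running process really picked up the allocator.
# Assumptions: the library was built with `make` (default variant, so it is
# at out/libhardened_malloc.so); LIB_SRC, LIB_DEST, the root prefix and
# --apply are placeholders chosen for this example.
set -eu

LIB_SRC=${LIB_SRC:-out/libhardened_malloc.so}
LIB_DEST=${LIB_DEST:-/usr/local/lib/libhardened_malloc.so}

# Which C library does this system use? musl ships its loader as
# /lib/ld-musl-<arch>.so.1; otherwise ask ldd, which on glibc names itself.
detect_libc() {
    if ls /lib/ld-musl-*.so.1 >/dev/null 2>&1; then
        echo musl
    elif ldd --version 2>&1 | head -n 1 | grep -qi 'glibc\|GNU libc'; then
        echo glibc
    else
        echo unknown
    fi
}

# Persist vm.max_map_count = 1048576 in $root/etc/sysctl.conf, replacing any
# existing line for that key rather than appending a conflicting one, and
# apply it to the running kernel when operating on the live system.
set_max_map_count() {
    root=${1:-}
    f="$root/etc/sysctl.conf"
    mkdir -p "$root/etc"
    tmp=$(mktemp)
    { grep -v '^vm\.max_map_count' "$f" 2>/dev/null || true; } > "$tmp"
    echo 'vm.max_map_count = 1048576' >> "$tmp"
    mv "$tmp" "$f"
    chmod 0644 "$f"
    if [ -z "$root" ]; then
        sysctl -w vm.max_map_count=1048576
    fi
}

# Copy the built library into place, readable and executable by every user,
# because every user's processes will map it.
# $1 = source, $2 = absolute destination path, $3 = root prefix.
install_lib() {
    src=$1; dest=$2; root=${3:-}
    mkdir -p "$(dirname "$root$dest")"
    cp "$src" "$root$dest"
    chmod 0755 "$root$dest"
}

# Register the library with the loader, once, even if run repeatedly.
# glibc: ld.so itself reads /etc/ld.so.preload for every dynamically linked
# program. musl has no such file, so LD_PRELOAD is exported from
# /etc/environment, which pam_env applies to login sessions only.
configure_preload() {
    libc=$1; libpath=$2; root=${3:-}
    mkdir -p "$root/etc"
    case $libc in
    glibc) f="$root/etc/ld.so.preload"; line=$libpath ;;
    musl)  f="$root/etc/environment";   line="export LD_PRELOAD=\"$libpath\"" ;;
    *)     echo "configure_preload: unsupported libc '$libc'" >&2; return 1 ;;
    esac
    grep -qxF -- "$line" "$f" 2>/dev/null || echo "$line" >> "$f"
    chmod 0644 "$f"
}

# Confirm that a running process actually got hardened_malloc: the library
# must appear in its memory map. $1 = pid, $2 = library path.
has_hardened_malloc() {
    grep -qF -- "$2" "/proc/$1/maps" 2>/dev/null
}

# Full procedure on the live system; run as root with --apply.
apply_system_wide() {
    libc=$(detect_libc)
    set_max_map_count ""
    install_lib "$LIB_SRC" "$LIB_DEST" ""
    configure_preload "$libc" "$LIB_DEST" ""
    # A freshly started program should now map the library on glibc; on musl
    # this only holds for new login sessions.
    if sh -c "grep -qF -- '$LIB_DEST' /proc/\$\$/maps"; then
        echo "preload active"
    else
        echo "preload not yet active (musl: log in again)"
    fi
}

if [ "${1:-}" = "--apply" ]; then
    apply_system_wide
fi
```

Running the script with --apply as root performs the real installation; sourcing it instead makes the functions available for use against a scratch root, which is also the way to rehearse the change before touching /etc/ld.so.preload on a production host. After a glibc install, has_hardened_malloc on the PID of any newly started program should succeed; on musl, check a shell from a fresh login session.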