[-- Attachment #1: Type: text/plain, Size: 606 bytes --] New issue by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913 Description: Please provide the *GrapheneOS hardened malloc* package, compiled with these flags so that it doesnt break app compatibility such as xorg, browsers, etc. (These are the flags that whonix *KICKSECURE'S BUILD* uses when it builds the hardened malloc) Without them everything would break because of linux. dh_auto_build -- libhardened_malloc.so CONFIG_NATIVE=false CC=$(CC) CONFIG_SLAB_QUARANTINE_RANDOM_LENGTH=0 CONFIG_SLAB_QUARANTINE_QUEUE_LENGTH=0 CONFIG_GUARD_SLABS_INTERVAL=8
[-- Attachment #1: Type: text/plain, Size: 379 bytes --] New comment by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-917351510 Comment: Also make it automatically set /etc/lib.so.preload file to this: /usr/lib/libhardened_malloc.so/libhardened_malloc.so To be able to use it after installation. Or even better, make it replace the default malloc upon installation
[-- Attachment #1: Type: text/plain, Size: 497 bytes --] New comment by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-917377999 Comment: Original/ GrapheneOS Github: https://github.com/GrapheneOS/hardened_malloc Whonix: https://www.whonix.org/wiki/Hardened_Malloc Note: Nothing has ever broke when ive used the hardened malloc compiled in the way stated above, or stated inside the whonix wiki. Whonix/ Kicksecure - Github: https://github.com/Whonix/hardened_malloc
[-- Attachment #1: Type: text/plain, Size: 298 bytes --] New comment by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-917605440 Comment: Nice article, another reference to help you implement the package: https://madaidans-insecurities.github.io/guides/linux-hardening.html#hardened-malloc
[-- Attachment #1: Type: text/plain, Size: 326 bytes --] New comment by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-918329123 Comment: Also this package could be used by default in void linux (it is used in kicksecure whonix by default) . Performance loss is none/~1%, no breakages. (When compilled with those flags)
[-- Attachment #1: Type: text/plain, Size: 609 bytes --] Closed issue by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913 Description: Please provide the *GrapheneOS hardened malloc* package, compiled with these flags so that it doesnt break app compatibility such as xorg, browsers, etc. (These are the flags that whonix *KICKSECURE'S BUILD* uses when it builds the hardened malloc) Without them everything would break because of linux. dh_auto_build -- libhardened_malloc.so CONFIG_NATIVE=false CC=$(CC) CONFIG_SLAB_QUARANTINE_RANDOM_LENGTH=0 CONFIG_SLAB_QUARANTINE_QUEUE_LENGTH=0 CONFIG_GUARD_SLABS_INTERVAL=8
[-- Attachment #1: Type: text/plain, Size: 329 bytes --] New comment by q66 on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-918366281 Comment: we're not going to change the default malloc for musl mallocng in 1.2.x already obsoletes this anyway as far as I know, and if you want a better allocator in glibc, take it up with glibc
[-- Attachment #1: Type: text/plain, Size: 233 bytes --] New comment by apirusKde on void-packages repository https://github.com/void-linux/void-packages/issues/32913#issuecomment-919099353 Comment: Well for musl it might be obsolete, but i would like it implemented in the glibc version