{{Header}} __NOINDEX__
{{Title|title=
Hardened Malloc Light
}}
{{#seo:
|description=Hardened Memory Allocator for many Applications to increase Security - installation from {{project_name_long}} repository
|image=Kicksecurehardenedmalloc.jpg
}}
* [[Hardened Malloc|Hardened Malloc (Default)]]
* [[Hardened Malloc Light]]
[[image:Malloc.jpg|thumb]]
{{intro|
Hardened Memory Allocator for many Applications to increase Security.
}}
{{Archived}}
= Deprecation in Kicksecure =
'''See [[Hardened_Malloc#Deprecation_in_Kicksecure|Hardened Malloc Deprecation in Kicksecure]].'''
= Introduction =
Hardened Malloc is a hardened memory allocator which can be used with many applications to increase security.
According to the author's GitHub description: [
https://github.com/GrapheneOS/hardened_malloc
]
This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independently arenas, with the internal locking within arenas further divided up per size class.
[[Hardened Malloc]] ([https://github.com/GrapheneOS/hardened_malloc Default]) unfortunately cannot be globally enabled by default due to [[Hardened_Malloc#Issues|Hardened Malloc (Default) Issues]].
The development goal of Hardened Malloc Light is pre-installation by default.
Hardened Malloc Light uses different compile time options.
* [https://github.com/{{project_name_short}}/hardened_malloc/blob/master/debian/rules#L17 Hardened Malloc (Default) (compile time options as close to original upstream as possible)]
* [https://github.com/{{project_name_short}}/hardened_malloc/blob/master/debian/rules#L18 Hardened Malloc Light (compile time option VARIANT=light as provided by upstream)]
Both, Hardened Malloc (Default) and Hardened Malloc Light are already installed by default but not yet enabled by default.
Hardened Malloc Light is not yet enabled by default since there are still various known [[#Issues|issues]]. Most notably, it breaks possibly [https://www.virtualbox.org/ticket/20107 VirtualBox host software crashes], which haven't been reproduced by testers yet.
Advanced users may still wish to use [[Hardened Malloc|Hardened Malloc (Default)]] for specific high risk applications.
Before getting started with Hardened Malloc (Light) it is recommended to first test the host operating system using [[Troubleshooting#memtest86.2B|memtest86+ (link)]] since hardware issues with RAM might be more likely be resulting in system crashes with Hardened Malloc (Light) enabled. [
In the experience of {{project_name_short}} developer Patrick, the VirtualBox host software crashed with Hardened Malloc (Light) enabled with different error messages when faulty RAM banks where used compared to VirtualBox host software crashes with RAM banks that did not show any errors in ]memtest86+.
Readers who wish to discuss the integration of Hardened Malloc with {{project_name_short}} should refer to [https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474 this forum thread].
= Enable Hardened Malloc Light =
{{Testers-only}}
Package hardened-malloc-light-enable [
https://github.com/{{project_name_short}}/hardened_malloc/blob/master/debian/control#L42
] is provided as an easy way to enable Hardened Malloc Light globally.
{{Install Package|package=
hardened-malloc-light-enable
}}
= Check If Hardened Malloc Enabled =
Same instructions as for [[Hardened Malloc|Hardened Malloc (Original)]].
* [[Hardened_Malloc#Check_If_Hardened_Malloc_is_Enabled|Check If Hardened Malloc Enabled]]
* [[Hardened_Malloc#Check_If_Hardened_Malloc_Default_or_Hardened_Malloc_Light_is_Enabled|Check If Hardened Malloc Default or Hardened Malloc Light is Enabled]]
= Disable Hardened Malloc Light =
Hardened Malloc Light can be disabled either per application or globally.
== Disable Hardened Malloc per Application ==
See [[Hardened_Malloc#Disable_Hardened_Malloc_per_Application|Disable Hardened Malloc per Application]].
== Disable Hardened Malloc Light Globally ==
Apply the following steps to globally disable Hardened Malloc Light.
If the system is still fully functional, the easiest way is to uninstall the hardened-malloc-light-enable package.
{{CodeSelect|code=
sudo apt purge hardened-malloc-light-enable
}}
Otherwise...
'''1)''' [[Recovery#Recovery_Mode|Boot into recovery mode]]. Optional.
This is only required if the system is no longer bootable. In this case, refer to [[Recovery#Recovery_Mode|boot into recovery mode]].
'''2)''' View the /etc/ld.so.preload configuration file.
{{CodeSelect|code=
cat /etc/ld.so.preload
}}
'''3)''' Remove libhardened_malloc-light.so from /etc/ld.so.preload.
If not using /etc/ld.so.preload for anything else, it is the easiest to simply delete the configuration file.
Warning: this removes all entries from /etc/ld.so.preload.
{{CodeSelect|code=
sudo rm /etc/ld.so.preload
}}
= Issues =
Same as [[Hardened_Malloc#Issues|Hardened Malloc (Default) Issues]].
= Credits and Source Code =
The [https://github.com/GrapheneOS/hardened_malloc Hardened Malloc upstream source code] is maintained by security researcher, Daniel Micay.
[[Hardened_Malloc|This website]] is the [https://en.wikipedia.org/wiki/Fork_(software_development) software fork] homepage for Hardened Malloc, with a focus on easy installation, added user documentation, and integration with [[About|{{project_name_short}}]], [https://www.whonix.org {{Whonix}}], Debian, and other distributions. The {{project_name_short}} software fork source code can be found [https://github.com/{{project_name_short}}/hardened_malloc here].
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]