Hardened Malloc

From Kicksecure




Hardened Malloc is a hardened memory allocator which can be used with many applications to increase security.

According to the author's GitHub description: [1]

This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class.

Readers who wish to discuss the integration of Hardened Malloc with Kicksecure ™ should refer to this forum thread.


Hardened Malloc is pre-installed.

How-to: Launch Applications with Hardened Malloc

Warning: This is for testers only!

Systemd Services

To launch individual systemd services with hardened malloc, add a drop-in systemd configuration snippet.
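One possible drop-in for this step, written by a small shell helper; this is an added example, not the snippet from the Kicksecure wiki or code from the Hardened Malloc project. The function name hm_write_dropin, the file name 40_hardened-malloc.conf and example.service are hypothetical; the library path is the one this page uses for LD_PRELOAD.

```shell
#!/bin/sh
# Added example: write a systemd drop-in that preloads Hardened Malloc
# for a single service.
HM_LIB='/usr/lib/libhardened_malloc.so/libhardened_malloc.so'  # path from this page

# hm_write_dropin UNIT [ROOT] [LIB]
# ROOT defaults to "" (the live system); a scratch ROOT gives a dry run.
# Prints the path of the drop-in it wrote.
hm_write_dropin() {
    unit=$1 root=${2:-} lib=${3:-$HM_LIB}
    case $unit in
        */*|'') echo "bad unit name: $unit" >&2; return 2 ;;
        *.service) ;;
        *) echo "expected a .service unit: $unit" >&2; return 2 ;;
    esac
    # If the library is missing, the loader only warns and the service
    # keeps its default allocator, so refuse to write the drop-in.
    [ -f "$lib" ] || { echo "library not found: $lib" >&2; return 1; }
    dir="$root/etc/systemd/system/$unit.d"
    mkdir -p "$dir" || return 1
    # Hypothetical file name; systemd reads any *.conf in the .d directory.
    conf="$dir/40_hardened-malloc.conf"
    printf '[Service]\nEnvironment="LD_PRELOAD=%s"\n' "$lib" > "$conf" || return 1
    printf '%s\n' "$conf"
}

# On a live system (example.service is a placeholder), run as root:
#   hm_write_dropin example.service
#   systemctl daemon-reload && systemctl restart example.service
```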


Other Applications

To launch other applications with Hardened Malloc, the LD_PRELOAD environment variable must be set when starting the application. For example, to launch application-name in this way, run:

LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' application-name

All Applications by Default

Note: This action may break numerous applications such as man, apt or Xorg.

It is possible to make all applications use Hardened Malloc as the default memory allocator. To configure this option, the path to the hardened_malloc.so library must be added to the /etc/ld.so.preload file. [2]

1. Open file /etc/ld.so.preload in an editor with root rights.

(Kicksecure ™ inside Qubes: In TemplateVM)

This box uses sudoedit for better security. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Kicksecure ™, please refer to this link.

sudoedit /etc/ld.so.preload

2. Add the hardened_malloc.so library.


3. Save the file.

The procedure is complete.
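To check the result of either method above (per-application LD_PRELOAD or /etc/ld.so.preload), the following added example, which is not Kicksecure or Hardened Malloc project code, inspects a process's memory map and validates the entries of a preload file. The function names are hypothetical, and the handling of ':' separators and '#' comments in the preload file is an assumption about glibc's loader; ld.so(8) documents a whitespace-separated list.

```shell
#!/bin/sh
# Added example: check that a Hardened Malloc preload is in effect.
HM_LIB_NAME='libhardened_malloc.so'   # library file name used on this page

# maps_has_lib MAPS_FILE
# Succeeds if some mapping's pathname (field 6 of /proc/<pid>/maps) has
# the library's file name as its last path component.
maps_has_lib() {
    awk -v lib="$HM_LIB_NAME" '
        NF >= 6 { n = split($6, part, "/"); if (part[n] == lib) found = 1 }
        END { exit !found }' "$1"
}

# pid_uses_preload PID: the same check against a live process.
pid_uses_preload() { maps_has_lib "/proc/$1/maps"; }

# preload_missing PRELOAD_FILE
# Prints every entry that is not an existing regular file. On this page the
# library lives in a directory that is itself named libhardened_malloc.so,
# so an entry that stops at the directory is reported as well.
preload_missing() {
    sed 's/#.*//' "$1" | tr -s ' \t:' '\n\n\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        [ -f "$entry" ] || printf '%s\n' "$entry"
    done
}

# Typical use after editing the preload file (PID is a placeholder):
#   preload_missing /etc/ld.so.preload   # expect no output
#   pid_uses_preload PID && echo mapped
```

A mapped library only shows that the preload took effect; an application that ships its own allocator, as footnote 3 describes for Firefox, can map the library and still not use it.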

Incompatible Applications


Using Hardened Malloc with Tor Browser or Firefox is difficult and unsupported. [3]

It is unknown whether other browsers can benefit from Hardened Malloc.


Other applications might not easily benefit from Hardened Malloc for the same reasons outlined in the browsers section above.

Whether an application can benefit from Hardened Malloc or not depends on technical implementation details of the application in question. Vendors of applications will probably know if their application is compatible with Hardened Malloc. Community wiki contributions are most welcome -- please post any additional vendor Q&As here.

Credits and Source Code

The original source software is maintained by security researcher Daniel Micay.

This website is the software fork homepage for Hardened Malloc, with a focus on easy installation, added user documentation, and integration with Whonix, Kicksecure, Debian, and other distributions. The Kicksecure ™ software fork source code can be found here. Continuous integration: travis CI


  1. https://github.com/GrapheneOS/hardened_malloc
  2. feature request: /etc/ld.so.preload.d drop-in configuration folder support
  3. Tor Browser is also based on Firefox, therefore the following advice equally applies.

    LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program will do nothing or approximately nothing.

    The reason is recompilation is necessary.

    To successfully replace Firefox memory allocator you should either use LD_PRELOAD _with_ a --disable-jemalloc build OR Firefox's replace_malloc functionality: https://searchfox.org/mozilla-central/source/memory/build/replace_malloc.h


Kicksecure | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source
