Hardened Malloc (Default)

From Kicksecure

Introduction

Hardened Malloc (Default) is a hardened memory allocator which can be used with many applications to increase security.

According to the author's GitHub description: [1]

This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class.

Readers who wish to discuss the integration of Hardened Malloc with Kicksecure ™ should refer to this forum thread.

Naming

The author of Hardened Malloc uses only the terms:

  • Hardened Malloc
  • Hardened Malloc Light

To better distinguish which version is used, this website uses the terms:

  • Hardened Malloc (Default) (also historically called Hardened Malloc original - this term is deprecated in the systemcheck utility and will be changed in the next update)
  • Hardened Malloc Light

This is unrelated to price. Both versions are Freedom Software, free as in price as well as in freedom.

Hardened Malloc Light is provided for cases in which Hardened Malloc (Default) cannot be used due to application-specific issues. Hardened Malloc (Default) might trigger issues due to memory allocation bugs found in some applications.

Installation

Hardened Malloc (Default) is pre-installed.

How-to: Launch Applications with Hardened Malloc Default

Testers only! Warning: This is for testers-only!

Launch Specific Applications with Hardened Malloc Default

To launch chosen applications with Hardened Malloc (Default), the LD_PRELOAD environment variable must be edited before starting the application.

For example, to launch application-name in this way, run:

LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' application-name

Example using administrative rights:

sudo LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' apt update

Launch Systemd Services with Hardened Malloc Default

To launch individual systemd services with Hardened Malloc (Default), add a drop-in systemd configuration snippet.

[Service]
Environment="LD_PRELOAD=/usr/lib/libhardened_malloc.so/libhardened_malloc.so"

Launch All Applications by Default with Hardened Malloc Default

It is possible to make all applications use Hardened Malloc (Default) as the default memory allocator.

Note:

  • If using a graphical desktop environment (such as Xfce): This action breaks the graphical desktop environment (Xorg). Most users using a graphical desktop environment (such as Xfce) should not proceed with enabling Hardened Malloc (Default) for all applications. Only Hardened Malloc Light is suitable for that.
  • If using a command line interface (CLI) (no graphical desktop environment) (such as a server): This can be attempted! Testers only!

To configure this option, the path to the hardened_malloc.so library must be added to the /etc/ld.so.preload file. [2]

1. Open file /etc/ld.so.preload in an editor with root rights.

(Kicksecure ™ inside Qubes: In Template)

This box uses sudoedit for better security. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Kicksecure ™, please refer to this link.

sudoedit /etc/ld.so.preload

2. Add the hardened_malloc.so library.

Paste.

/usr/lib/libhardened_malloc.so/libhardened_malloc.so

3. Save the file.

4. Done.

The procedure is complete. Hardened Malloc Default has been enabled for all applications by default.

Disable Hardened Malloc per Application

If Hardened Malloc Default/Light is enabled globally for all applications, it can be disabled for select applications should that be required due to application incompatibilities.

Apply the following steps to disable Hardened Malloc Default/Light per application.

Prepend the ld-system-preload-disable wrapper.

Syntax:

ld-system-preload-disable application

Example:

Notes:

  • This disables all ld system preloads. This only matters if the user previously modified the ld system preload configuration file /etc/ld.so.preload, which the vast majority of users do not do.
  • Replace chromium with the actual application which should be started without ld system preload.

ld-system-preload-disable chromium

Issues

Incompatible Applications

Graphical Desktop Environment Xorg

Platform                              Hardened Malloc (Default)           Hardened Malloc Light
Kicksecure ™ on the host              Yes, functional.                    Yes, functional.
Kicksecure ™ inside VirtualBox Xfce   No, Xorg broken.                    Yes, functional.
Kicksecure ™ inside VirtualBox CLI    Yes, functional. (Not using Xorg.)  Yes, functional. (Not using Xorg.)
Kicksecure ™ inside KVM               Yes, functional.                    Yes, functional.
Kicksecure ™ for Qubes                Yes, functional. (Not using Xorg.)  Yes, functional. (Not using Xorg.)

TODO: Xorg systemd drop in InaccessiblePaths=-/etc/ld.so.preload

VirtualBox Host Software

VirtualBox crashes with hardened memory allocator Hardened Malloc on the host. [3]

However, using HM inside VirtualBox VMs is different. For that, see above.

Browsers

Using Hardened Malloc Default/Light with Tor Browser or Firefox is difficult and unsupported. [4]

It is unknown whether other browsers can benefit from Hardened Malloc Default/Light.

Flatpak

Flatpak does not honor /etc/ld.so.preload. Therefore using Hardened Malloc with Flatpak applications is currently unsupported. [5]

snap

snap is untested. It possibly has the same issue as Flatpak.

Others

Other applications might not easily benefit from Hardened Malloc Default/Light for the same reasons outlined in the browsers section above.

Whether an application can benefit from Hardened Malloc Default/Light or not depends on technical implementation details of the application in question. Vendors of applications will probably know if their application is compatible with Hardened Malloc Default/Light. Community wiki contributions are most welcome -- please post any additional vendor Q&As here.

workaround available

Slowdown of swap-file-creator at shutdown.

chromium requires ld-system-preload-disable

  • https://bugs.debian.org/971876
    • workaround ld-system-preload-disable chromium ok
    • chromium from flathub also functional (Hardened Malloc Light is disregarded inside flatpak's bubblewrap based sandbox)

no workaround available

major issues:

minor issues:

Development Notes

How-to: Check Hardened Malloc Status

Check If Hardened Malloc is Enabled

Open the terminal and type either:

  • A): Using hardened-malloc-enabled-test.
    hardened-malloc-enabled-test
    • If enabled, the output should show:

      yes

  • B): For advanced users: Using systemcheck with command line parameter --verbose.
    systemcheck --verbose
    • If enabled, the output should include:

      [INFO] [systemcheck] Hardened Malloc: Hardened Malloc enabled.

Check If Hardened Malloc Default or Hardened Malloc Light is Enabled

hardened-malloc-type-test

Possible outputs:

  • none
  • original - meaning Hardened Malloc (Default)
  • light
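
To check one particular running process, for example one started with LD_PRELOAD or from a systemd drop-in, the library can be looked up in that process's /proc/PID/maps. The following is an added example and not part of Kicksecure's tooling: the function names are hypothetical, the sample lines are constructed, and the two library file names are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not Kicksecure tooling; function names are hypothetical.
# Library file names are the two shown on this page:
#   libhardened_malloc.so        -> "original" (Hardened Malloc (Default))
#   libhardened_malloc-light.so  -> "light"
# Both live in a directory that is itself named libhardened_malloc.so, so a
# plain substring match cannot tell them apart; compare basenames instead.

# Classify text on stdin (maps dump or preload list): original | light | none.
hm_classify() {
    awk -F'[ \t:]+' '
        found == "" {
            for (i = 1; i <= NF; i++) {
                name = $i
                sub(/.*\//, "", name)            # basename of each token
                if (name == "libhardened_malloc.so") { found = "original"; break }
                if (name == "libhardened_malloc-light.so") { found = "light"; break }
            }
        }
        END { print (found == "" ? "none" : found) }'
}

# Type configured in an ld.so.preload-style file (default: /etc/ld.so.preload).
# A missing file counts as "none", as inside the Flatpak sandbox described on this page.
hm_preload_file_type() {
    f=${1:-/etc/ld.so.preload}
    [ -r "$f" ] || { echo none; return 0; }
    sed 's/#.*//' "$f" | hm_classify              # strip comments before matching
}

# Type mapped into a running process. $1: PID, $2: proc root (default /proc).
# Reading another user's maps file usually needs root.
hm_pid_type() {
    maps="${2:-/proc}/$1/maps"
    [ -r "$maps" ] || { echo "cannot read $maps" >&2; return 2; }
    hm_classify < "$maps"
}

# Constructed sample: maps lines of a process preloaded with the Light build.
hm_demo() {
    hm_classify <<'EOF'
55d0c0a00000-55d0c0a02000 r--p 00000000 fd:01 131 /usr/bin/cat
7f1c2a400000-7f1c2a404000 r-xp 00000000 fd:01 132 /usr/lib/libhardened_malloc.so/libhardened_malloc-light.so
EOF
}
```

For a systemd service, pass its main PID, for example hm_pid_type "$(systemctl show -p MainPID --value unit-name.service)" with unit-name.service replaced by the real unit. A mapped library shows that the preload was honored; as the Browsers section notes, an application with its own built-in allocator may still not route allocations through it.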

Credits and Source Code

The Hardened Malloc upstream source code is maintained by security researcher Daniel Micay.

This website is the software fork homepage for Hardened Malloc, with a focus on easy installation, added user documentation, and integration with Kicksecure ™, Whonix ™, Debian, and other distributions. The Kicksecure ™ software fork source code can be found here. Continuous integration: travis CI

Footnotes

  1. https://github.com/GrapheneOS/hardened_malloc
  2. glibc feature request: /etc/ld.so.preload.d drop-in configuration folder support
  4. Tor Browser is also based on Firefox, therefore the following advice equally applies.

    LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program will do nothing or approximately nothing.

    The reason is that recompilation is necessary.

    To successfully replace the Firefox memory allocator you should either use LD_PRELOAD _with_ a --disable-jemalloc build OR Firefox's replace_malloc functionality: https://searchfox.org/mozilla-central/source/memory/build/replace_malloc.h

  5. Flatpak does not honor /etc/ld.so.preload. Viewing contents of /etc/ld.so.preload on the host operating system.

    cat /etc/ld.so.preload

    Expected output:

    /usr/lib/libhardened_malloc.so/libhardened_malloc-light.so

    Starting a shell inside a Flatpak application sandbox. This example uses org.chromium.Chromium and could be replaced with any other Flatpak application.

    flatpak run --command=sh org.chromium.Chromium

    Viewing contents of /etc/ld.so.preload inside the Flatpak sandbox.

    cat /etc/ld.so.preload

    Conclusion: File /etc/ld.so.preload does not exist inside the Flatpak sandbox.

    cat: /etc/ld.so.preload: No such file or directory
    


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.