Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
Actually it’s not (but it was) a fork of OpenBSD’s allocator, but rewrite of a fork. They wanted too much changes so they decided to rewrite it from scratch.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc
What do these do?
Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
Thanks for the explanation :)
You may enjoy this video “I wrote my own memory allocator in C…”
Damn, I still didnt understand much, but seems cool
Here is an alternative Piped link(s):
I wrote my own memory allocator in C…
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Actually it’s not (but it was) a fork of OpenBSD’s allocator, but rewrite of a fork. They wanted too much changes so they decided to rewrite it from scratch.
Damn
Holy shit, Android using the Linux kernel is actually helpful for once? I’m shocked
They have all their own userland stuff.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc
they preload the hardened malloc, obvi 🙄