From f85a8c45e32c84c0bbaca8c3285b75c0feef0ce9 Mon Sep 17 00:00:00 2001 From: Tastatur Date: Fri, 29 Dec 2023 01:54:50 +0100 Subject: [PATCH] Added section on hardened-malloc --- .../post-install/security.md | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/alpine-desktop-setup/post-install/security.md b/docs/alpine-desktop-setup/post-install/security.md index 25ee53b..e5717c5 100644 --- a/docs/alpine-desktop-setup/post-install/security.md +++ b/docs/alpine-desktop-setup/post-install/security.md @@ -95,6 +95,30 @@ vm.max_map_count=1048576 This list is still incomplete. -## Hardened Malloc +## Blacklisting modules WIP + +## Linux-Hardened + +WIP + +## Hardened Malloc (WIP) + +Musl's default memory allocator which comes with Alpine Linux is already pretty secure but not as secure as [hardened-malloc](https://github.com/GrapheneOS/hardened_malloc/): + +``` +# apk add hardened-malloc +``` + +Then to set it system wide edit `/etc/ld-musl-x86_64.path`: + +``` +/usr/lib/libhardened_malloc.so +``` + +You can also use the light variant of hardened-malloc because the default one may not work well with some graphical applications: + +``` +/usr/lib/libhardened_malloc-light.so +```
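Review bot: In the new "Hardened Malloc (WIP)" section, the step "Then to set it system wide edit `/etc/ld-musl-x86_64.path`" does not say whether the `/usr/lib/libhardened_malloc.so` line replaces the file's existing contents or is appended to them, and it gives the reader no way to confirm that the allocator is actually in use afterwards. That file is musl's library search path list, which normally holds directories, so please verify that a `.so` entry there has the intended effect. Add a check readers can run after the change, for example looking for `libhardened_malloc` in a running process's `/proc/<pid>/maps`. The file name is hard-coded to x86_64, so a short note that it differs on other architectures would help. The sentence that musl's default allocator is "already pretty secure but not as secure as" hardened-malloc would also be stronger with one line on what the hardened allocator adds. Likewise, "may not work well with some graphical applications" should say what failure to expect, so readers know when to switch to the light variant.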