Added section on hardened-malloc
This commit is contained in:
parent
29595c2e46
commit
f85a8c45e3
1 changed files with 25 additions and 1 deletions
|
@ -95,6 +95,30 @@ vm.max_map_count=1048576
|
||||||
|
|
||||||
This list is still incomplete.
|
This list is still incomplete.
|
||||||
|
|
||||||
## Hardened Malloc
|
## Blacklisting modules
|
||||||
|
|
||||||
WIP
|
WIP
|
||||||
|
|
||||||
|
## Linux-Hardened
|
||||||
|
|
||||||
|
WIP
|
||||||
|
|
||||||
|
## Hardened Malloc (WIP)
|
||||||
|
|
||||||
|
Musl's default memory allocator which comes with Alpine Linux is already pretty secure but not as secure as [hardened-malloc](https://github.com/GrapheneOS/hardened_malloc/):
|
||||||
|
|
||||||
|
```
|
||||||
|
# apk add hardened-malloc
|
||||||
|
```
|
||||||
|
|
||||||
|
Then to set it system wide edit `/etc/ld-musl-x86_64.path`:
|
||||||
|
|
||||||
|
```
|
||||||
|
/usr/lib/libhardened_malloc.so
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also use the light variant of hardened-malloc because the default one may not work well with some graphical applications:
|
||||||
|
|
||||||
|
```
|
||||||
|
/usr/lib/libhardened_malloc-light.so
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in a new issue