lnorg/documentation
1
2
Fork 0
Code Issues 30 Pull requests Projects 6 Activity

Added section on hardened-malloc

Browse source
This commit is contained in:
Tastatur 2023-12-29 01:54:50 +01:00
parent 29595c2e46
commit f85a8c45e3
1 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
docs/alpine-desktop-setup/post-install/security.md
View file

@ -95,6 +95,30 @@ vm.max_map_count=1048576
This list is still incomplete. This list is still incomplete.
## Hardened Malloc ## Blacklisting modules
WIP WIP
## Linux-Hardened
WIP
## Hardened Malloc (WIP)
Musl's default memory allocator which comes with Alpine Linux is already pretty secure but not as secure as [hardened-malloc](https://github.com/GrapheneOS/hardened_malloc/):
```
# apk add hardened-malloc
```
Then to set it system wide edit `/etc/ld-musl-x86_64.path`:
```
/usr/lib/libhardened_malloc.so
```
You can also use the light variant of hardened-malloc because the default one may not work well with some graphical applications:
```
/usr/lib/libhardened_malloc-light.so
```