Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc
Actually it’s not (but it was) a fork of OpenBSD’s allocator, but rewrite of a fork. They wanted too much changes so they decided to rewrite it from scratch.
What do these do?
Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
You may enjoy this video “I wrote my own memory allocator in C…”
Damn, I still didnt understand much, but seems cool
Here is an alternative Piped link(s):
I wrote my own memory allocator in C…
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Thanks for the explanation :)
Holy shit, Android using the Linux kernel is actually helpful for once? I’m shocked
They have all their own userland stuff.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc
Actually it’s not (but it was) a fork of OpenBSD’s allocator, but rewrite of a fork. They wanted too much changes so they decided to rewrite it from scratch.
Damn
they preload the hardened malloc, obvi 🙄