Introduction[edit]

Hardened Malloc is a hardened memory allocator which can be used with many applications to increase security.

According to the author's GitHub description: ^[1]

This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independently arenas, with the internal locking within arenas further divided up per size class.

Readers who wish to discuss the integration of Hardened Malloc with Whonix should refer to this forum thread ^[archive].

Installation[edit]

Hardened Malloc is available from the Whonix and Kicksecure APT repository. ^[2] Users of these Linux distributions can install it easily with the following instructions.

Users of Debian (-based) Linux distributions other than Whonix or Kicksecure need to first add the Whonix APT repository, which is documented on the Whonix Packages for Debian Hosts wiki page. For other distributions, refer to the Hardened Malloc Manual Installation instructions.

Install hardened-malloc.

1. Update the package lists.

sudo apt-get update

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

sudo apt-get dist-upgrade

3. Install the hardened-malloc package.

Using apt-get command line parameter --no-install-recommends is in most cases optional.

sudo apt-get install --no-install-recommends hardened-malloc

sudo apt-get install --no-install-recommends hardened-malloc

The procedure of installing hardened-malloc is complete.

How-to: Launch Applications with Hardened Malloc[edit]

Systemd Services[edit]

To launch individual systemd services with hardened malloc, add a drop-in systemd configuration snippet.

Environment="LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so'"

Environment="LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so'"

Other Applications[edit]

To launch other applications with Hardened Malloc, the LD_PRELOAD environment variable must be edited before starting the application. For example, to launch application-name in this way, run.

LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' application-name

LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' application-name

All Applications by Default[edit]

Note: This action may break numerous applications such as man, apt or Xorg.

It is possible to make all applications use Hardened Malloc as the default memory allocator. To configure this option, the path to the hardened_malloc.so library must be added to the /etc/ld.so.preload file. ^[3]

1. Open file /etc/ld.so.preload in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security ^[archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/ld.so.preload

sudoedit /etc/ld.so.preload

2. Add the hardened_malloc.so library.

/usr/lib/libhardened_malloc.so/libhardened_malloc.so

/usr/lib/libhardened_malloc.so/libhardened_malloc.so

3. Save the file.

The procedure is complete.

Incompatible Applications[edit]

Browsers[edit]

Using Hardened Malloc with Tor Browser, Firefox or SecBrowser ™ is difficult and unsupported. ^[4]

It is unknown whether other browsers can benefit from Hardened Malloc.

Others[edit]

Other applications might not easily benefit from Hardened Malloc for the same reasons outlined in the browsers section above.

Whether an application can benefit from Hardened Malloc or not depends on technical implementation details of the application in question. Vendors of applications will probably know if their application is compatible with Hardened Malloc. Community wiki contributions are most welcome -- please post any additional vendor Q&As here.

Credits and Source Code[edit]

The original ^[archive] source software is maintained by security researcher, Daniel Micay.

This website ^[archive] is the software fork ^[archive] homepage for Hardened Malloc, with a focus on easy installation, added user documentation, and integration with Whonix, Kicksecure, Debian, and other distributions. The Whonix software fork source code can be found here ^[archive]. Continuous integration: travis CI ^[archive]

Hardened Malloc Kicksecure Fork[edit]

In development.

Forum development discussion:
https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/69 ^[archive]

/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so

Disable[edit]

hardened-malloc-kicksecure can be disabled either per application or globally.

Disable per Application[edit]

Apply the following steps to disable hardened-malloc-kicksecure per application.

Prepend the ld-system-preload-disable wrapper. Example:

ld-system-preload-disable chromium

ld-system-preload-disable chromium

Disable Globally[edit]

Apply the following steps to globally disable hardened-malloc-kicksecure.

1) Boot into recovery mode. Optional.

This is only required if the system is no longer bootable. In this case, refer to boot into recovery mode.

2) View the /etc/ld.so.preload file.

cat /etc/ld.so.preload

cat /etc/ld.so.preload

3) Remove /usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so from /etc/ld.so.preload.

If not using /etc/ld.so.preload for anything else. Warning: this removes all entries from /etc/ld.so.preload.

sudo rm /etc/ld.so.preload

sudo rm /etc/ld.so.preload

Issues[edit]

cryptsetup slowdown by factor ~ 7
- this prolonged slowdown of systems using swap-file-creator
- needs to be investigated further and reported upstream
- adding hardened-malloc-disable not appropriate as this would inject stderr output ERROR: ld.so: object ‘/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so’ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. during early boot process (swap-file-creator) and not appropriate to silence stderr either as this would hide legitimate error messages too.
- TODO: test workaround https://github.com/Whonix/swap-file-creator/commit/c65edf17f952ac4a296ae6a0aac5a10541579ff6 ^[archive]
man and mandb broken
- It somehow messes the man pages up a bit. Lintian will complain. genmkfile: manpage-has-bad-whatis-entry usr/share/man/man8/genmkfile.8.gz Therefore wrapper needs to be added to disable hardened malloc.
- https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/105 ^[archive]
- https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/109 ^[archive]
  - Therefore Whonix package build process broken with hardened malloc enabled.
no reliable and "clean" way to disable globally enabled hardened malloc on a per application basis
- hardened-malloc-disable injects extraneous output to stderr.
  - ERROR: ld.so: object ‘/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so’ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
    - TODO: Fixed thanks to ld-system-preload-disable?
  - glibc feature request: LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis ^[archive]
  - could break scripts / build process
  - would confuse users (this message would come up every time user installs a package when mandb is automatically run by apt/dpkg even if man/mandb was wrapped by hardened-malloc-disable)
- doesn't work with chromium out of the box
  - required to disable sandbox hardened-malloc-disable chromium --no-sandbox
chromium broken
- https://bugs.debian.org/971876 ^[archive]
  - TODO: needs to be certain that this is fixed in newer versions of chromium
  - TODO: Fixed thanks to ld-system-preload-disable?
does it break https://packages.debian.org/buster/gsmartcontrol ^[archive]?
VirtualBox Crash issue (assigned to Patrick)

VirtualBox Crash[edit]

VirtualBox VM log:

all OK
no more log entries for 30 minutes while VM is working OK
then the only new log additions are these:
00:18:45.237389 VirtualBoxClient: detected unresponsive VBoxSVC (rc=NS_ERROR_CALL_FAILED)
00:19:16.904964 VirtualBoxClient: detected working VBoxSVC (rc=NS_OK)

VBoxSVC.log

tail -f ~/.config/VirtualBox/VBoxSVC.log

all OK
no more log entries for 30 minutes while VM is working OK
no new log entry after crash
The log ends there after crash then becomes
~/.config/VirtualBox/VBoxSVC.log.1

Therefore a coredump needs to be created and submitted to upstream virtualbox.org developers.

Footnotes[edit]

↑ https://github.com/GrapheneOS/hardened_malloc ^[archive]
↑ https://github.com/Whonix/hardened_malloc ^[archive]
↑ feature request: /etc/ld.so.preload.d drop-in configuration folder support ^[archive]
↑
These browsers are all based on Firefox, therefore the following applies equally to each of them.

LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program will do nothing or approximately nothing.

The reason is recompilation is necessary.
To successfully replace Firefox memory allocator you should either use LD_PRELOAD _with_ a --disable-jemalloc build OR Firefox's replace_malloc functionality: https://searchfox.org/mozilla-central/source/memory/build/replace_malloc.h ^[archive]
Sources:
- https://lists.torproject.org/pipermail/tor-dev/2019-August/013982.html ^[archive]
- https://lists.torproject.org/pipermail/tor-dev/2019-August/013990.html ^[archive]

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.

Jobs in USA

Follow:

Donate:

Share: Twitter | Facebook

Have you read our Documentation ^[archive], Technical Design ^[archive] and Developer Portal ^[archive] links yet?

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee ^[archive] of the Open Invention Network ^[archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian ^[archive]. Debian is a registered trademark ^[archive] owned by Software in the Public Interest, Inc ^[archive].

Whonix ™ is produced independently from the Tor® ^[archive] anonymity software and carries no guarantee from The Tor Project ^[archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

[1] ttps://github.com/GrapheneOS/hardened_malloc ^[archive]

[2] ttps://github.com/Whonix/hardened_malloc ^[archive]

[3] ture request: /etc/ld.so.preload.d drop-in configuration folder support ^[archive]

[firefox-based-4] These browsers are all based on Firefox, therefore the following applies equally to each of them.

LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program will do nothing or approximately nothing.

The reason is recompilation is necessary.

To successfully replace Firefox memory allocator you should either use LD_PRELOAD _with_ a --disable-jemalloc build OR Firefox's replace_malloc functionality: https://searchfox.org/mozilla-central/source/memory/build/replace_malloc.h ^[archive]
Sources:

https://lists.torproject.org/pipermail/tor-dev/2019-August/013982.html ^[archive]

https://lists.torproject.org/pipermail/tor-dev/2019-August/013990.html ^[archive]

[5] ttps://lists.torproject.org/pipermail/tor-dev/2019-August/013982.html ^[archive]

[6] ttps://lists.torproject.org/pipermail/tor-dev/2019-August/013990.html ^[archive]

[1]

[2]

[3]

[4]

Hardened Malloc

From Whonix

Contents