Install Hardened Malloc
Users of Linux distributions that are not based on Debian must compile Hardened Malloc from source.  To do this, it is necessary to install g++ for compilation.
1. Update the package lists.
git to clone the repository.
sudo apt-get install g++ git
3. The following block explains how to download and signature verify hardened malloc.
Run the following commands in a terminal to download and verify the signing key and source code.
Retrieve the signing key. 
Verify the key fingerprint.
gpg --keyid-format long --with-fingerprint thestinger.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096/F9E712E59AF5F22A 2012-12-06 [SC]
Key fingerprint = 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
uid Daniel Micay <firstname.lastname@example.org>
uid Daniel Micay <email@example.com>
uid Daniel Micay <firstname.lastname@example.org>
uid Daniel Micay <email@example.com>
uid Daniel Micay <firstname.lastname@example.org>
sub rsa4096/7363D2F61FDC8A7F 2012-12-06 [E]
Import the key.
gpg --import thestinger.gpg
Get the source code.
git clone https://github.com/GrapheneOS/hardened_malloc
Navigate to the
Always verify software signatures! Check the hardened malloc signature.
tagger Daniel Micay <email@example.com> 1562939118 -0400
gpg: Signature made Fri 12 Jul 2019 09:45:21 AM EDT
gpg: using RSA key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A
gpg: issuer "firstname.lastname@example.org"
gpg: Good signature from "Daniel Micay <email@example.com>" [unknown]
gpg: aka "Daniel Micay <firstname.lastname@example.org>" [unknown]
gpg: aka "Daniel Micay <email@example.com>" [unknown]
gpg: aka "Daniel Micay <firstname.lastname@example.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
4. Checkout the tag.
5. Build the program.
This will only take a few seconds, depending on your system's resources.
6. Move the hardened_malloc library to the system library folder
sudo mkdir -p /usr/lib/libhardened_malloc.so
Move the library.
sudo mv libhardened_malloc.so /usr/lib/libhardened_malloc.so/libhardened_malloc.so
How-to: Launch Applications with Hardened Malloc
To launch individual systemd services with hardened malloc, add drop a systemd configuration snippet.
To launch other applications with Hardened Malloc, the
LD_PRELOAD environment variable must be edited before starting the application. For example, to launch
application-name in this way, run.
All Applications by Default
Note: This action may break numerous applications such as man, apt or Xorg.
It is possible to make all applications use Hardened Malloc as the default memory allocator. To configure this option, the path to the
hardened_malloc.so library must be added to the
/etc/ld.so.preload in an editor with root rights.
(Qubes-Whonix ™: In TemplateVM)
This box uses
sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.
2. Add the
3. Save the file.
The procedure is complete.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Priority Support | Investors | Professional Support
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.