
Hardened Malloc/Manual Installation

From Whonix



Look into Hardened Malloc first.

Install Hardened Malloc

Users of Linux distributions that are not based on Debian must compile Hardened Malloc from source. [1] To do this, it is necessary to install g++ for compilation.

1. Update the package lists.

sudo apt-get update

2. Install g++ for compilation and git to clone the repository.

sudo apt-get install g++ git

3. The following block explains how to download hardened malloc and verify its signature.

While git is cryptographically secure, it is not foolproof. See Web of Trust and How safe are signed git tags? Only as safe as SHA-1 or somehow safer? for further information.

Run the following commands in a terminal to download and verify the signing key and source code.

Retrieve the signing key. [2]

scurl-download https://github.com/thestinger.gpg

Verify the key fingerprint.

gpg --keyid-format long --with-fingerprint thestinger.gpg

The output should show the following.

gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096/F9E712E59AF5F22A 2012-12-06 [SC]
Key fingerprint = 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
uid Daniel Micay <danielmicay@gmail.com>
uid Daniel Micay <daniel.micay@copperhead.co>
uid Daniel Micay <security@attestation.app>
uid Daniel Micay <security@seamlessupdate.app>
uid Daniel Micay <security@grapheneos.org>
sub rsa4096/7363D2F61FDC8A7F 2012-12-06 [E]

Import the key.

gpg --import thestinger.gpg

Get the source code.

git clone https://github.com/GrapheneOS/hardened_malloc

Navigate to the hardened_malloc folder.

cd hardened_malloc

Always verify software signatures! Check the hardened malloc signature.

git tag --verify 1

The output should show the following.

object d80919fa1e8042a070a3f9b2560ff2ecac8a75da
type commit
tag 1
tagger Daniel Micay <danielmicay@gmail.com> 1562939118 -0400

1
gpg: Signature made Fri 12 Jul 2019 09:45:21 AM EDT
gpg: using RSA key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A
gpg: issuer "danielmicay@gmail.com"
gpg: Good signature from "Daniel Micay <danielmicay@gmail.com>" [unknown]
gpg: aka "Daniel Micay <security@attestation.app>" [unknown]
gpg: aka "Daniel Micay <security@seamlessupdate.app>" [unknown]
gpg: aka "Daniel Micay <security@grapheneos.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
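The fingerprint and tag checks above can be pinned in a script instead of compared by eye. The following is an added example, not part of the original page or the hardened_malloc project; the function names are hypothetical, and it assumes a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Added example: pin the fingerprint instead of comparing it by eye.
# Fingerprint as printed in the key listing above, spaces removed.
EXPECTED_FPR=65EEFE022108E2B708CBFCF7F9E712E59AF5F22A

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 }
             seen && $1 == "fpr" { print $10; exit }'
}

# Read gpg status lines on stdin (as printed by `git verify-tag --raw`).
# Succeed only if a VALIDSIG line carries $1 as its last field, which is
# the primary key fingerprint. "Good signature" alone is not enough: any
# key present in the keyring can produce it.
signed_by() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG") { bad = 1 }
        END { exit !(ok && !bad) }'
}

# Hypothetical wrapper: $1 = downloaded key file, $2 = tag name.
# Run it inside the cloned repository.
verify_release() {
    got=$(gpg --show-keys --with-colons "$1" | primary_fpr)
    [ "$got" = "$EXPECTED_FPR" ] ||
        { echo "key fingerprint mismatch: $got" >&2; return 1; }
    gpg --import "$1" || return 1
    git verify-tag --raw "$2" 2>&1 | signed_by "$EXPECTED_FPR" ||
        { echo "tag $2 is not signed by the pinned key" >&2; return 1; }
}
```

After sourcing the file, `verify_release thestinger.gpg 1` returns non-zero before the build step if either the key file or the tag signature does not match the pinned fingerprint.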

4. Build the program.

This will only take a few seconds, depending on your system's resources.

make

5. Move the hardened_malloc library into /usr/lib

sudo mkdir -p /usr/lib/libhardened_malloc.so

sudo mv libhardened_malloc.so /usr/lib/libhardened_malloc.so/libhardened_malloc.so

How-to: Launch Applications with Hardened Malloc

Systemd Services

To launch individual systemd services with hardened malloc, add a systemd drop-in configuration snippet.

[Service]
Environment="LD_PRELOAD=/usr/lib/libhardened_malloc.so/libhardened_malloc.so"

Other Applications

To launch other applications with Hardened Malloc, the LD_PRELOAD environment variable must be set before starting the application. For example, to launch application-name in this way, run the following command.

LD_PRELOAD='/usr/lib/libhardened_malloc.so/libhardened_malloc.so' application-name

All Applications by Default

Note: This action may break numerous applications such as man, apt or Xorg.

It is possible to make all applications use Hardened Malloc as the default memory allocator. To configure this option, the path to the hardened_malloc.so library must be added to the /etc/ld.so.preload file.

1. Open file /etc/ld.so.preload in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/ld.so.preload

2. Add the hardened_malloc.so library.

/usr/lib/libhardened_malloc.so/libhardened_malloc.so

3. Save the file.

The procedure is complete.
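To confirm that a preload setting from this section actually took effect, check whether the library is mapped into running processes. The following is an added example, not part of the original page; the function names are hypothetical and the library path is the one used above.

```shell
#!/bin/sh
# Added example: find processes that did not load hardened malloc.
# Path used throughout this page.
LIB=/usr/lib/libhardened_malloc.so/libhardened_malloc.so

# Read a /proc/<pid>/maps listing on stdin. Exit 0 if $LIB is mapped,
# 1 if other files are mapped but not $LIB, 2 if the listing is empty
# (kernel thread, or a process that has already exited).
maps_state() {
    awk -v lib="$LIB" '
        NF >= 6 { files = 1 }
        $6 == lib { found = 1 }
        END { exit found ? 0 : (files ? 1 : 2) }'
}

# Print "pid comm" for every process under $1 (default /proc) that has
# file mappings but not $LIB. Unreadable entries are skipped, so run as
# root for a full picture. Statically linked programs always show up
# here because they never go through the dynamic linker.
missing_allocator() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        rc=0
        maps_state < "$dir/maps" || rc=$?
        [ "$rc" -eq 1 ] || continue
        echo "${dir##*/} $(cat "$dir/comm" 2>/dev/null)"
    done
}
```

After sourcing the file, `missing_allocator` lists the processes still running on the default allocator; services started before the change need a restart before they appear as covered.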

Footnotes

  1. Hardened Malloc is available from the Whonix APT repository for Debian-based distributions.
  2. https://grapheneos.org/install https://github.com/GrapheneOS/hardened_malloc/issues/82



Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
