Security researcher Daniel Micay has created hardened_malloc, which is a hardened memory allocator that protects against heap corruption vulnerabilities.
It isn’t available in the Debian repos but is very easy to build and takes a few seconds. It can be used by changing the LD_PRELOAD variable. For example, to use it with the Tor Browser you should run
It can be configured globally in /etc/ld.so.preload, but this breaks a few things like Xorg and man.
This sounds like it’d be good to add to Whonix. I haven’t tested this on Whonix myself, but it should work. It works fine on my host (Arch).
It can also be easily used with Firejail.
Daniel Micay is very trusted and respected in the infosec community. He has put a lot of work into hardening Android and Linux in general. A lot of his patches have even been accepted upstream.
Edit by Patrick: