Wondering if hardend malloc can be combined with flatpak.
On the host:
cat /proc/$$/maps | grep malloc
[…] /usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so
Run a shell for debugging purposes inside flatpak.
flatpak run --command=bash org.chromium.Chromium
See if hardend malloc Kcksecure is loaded.
cat /proc/$$/maps | grep malloc
No, it’s not.
Trying to ld preload hardened malloc Kicksecure using environment variable inside flatpak.
flatpak run --env=LD_PRELOAD=/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so org.chromium.Chromium
ERROR: ld.so: object ‘/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so’ from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
Any ideas?
Not sure that makes sense for Chromium. Which allocator is more secure, Chromium’s built-in or Hardened Malloc (Kicksecure)?
But even if it doesn’t make sense for Chromium, would be useful to know generally for other applications from flatpak.