Hardened Malloc - Hardened Memory Allocator

Patrick · August 3, 2021, 10:20am

opened 10:20AM - 03 Aug 21 UTC

closed 09:28PM - 26 Dec 21 UTC

Could you please modify the makefile `make clean` to delete all the compiled tes…t binaries? ``` test/large_array_growth test/mallinfo test/malloc_info test/offset test/simple-memory-corruption/delete_type_size_mismatch test/simple-memory-corruption/double_free_large test/simple-memory-corruption/double_free_large_delayed test/simple-memory-corruption/double_free_small test/simple-memory-corruption/double_free_small_delayed test/simple-memory-corruption/eight_byte_overflow_large test/simple-memory-corruption/eight_byte_overflow_small test/simple-memory-corruption/invalid_free_protected test/simple-memory-corruption/invalid_free_small_region test/simple-memory-corruption/invalid_free_small_region_far test/simple-memory-corruption/invalid_free_unprotected test/simple-memory-corruption/invalid_malloc_object_size_small test/simple-memory-corruption/invalid_malloc_object_size_small_quarantine test/simple-memory-corruption/invalid_malloc_usable_size_small test/simple-memory-corruption/invalid_malloc_usable_size_small_quarantine test/simple-memory-corruption/malloc_object_size test/simple-memory-corruption/malloc_object_size_offset test/simple-memory-corruption/read_after_free_large test/simple-memory-corruption/read_after_free_small test/simple-memory-corruption/read_zero_size test/simple-memory-corruption/string_overflow test/simple-memory-corruption/unaligned_free_large test/simple-memory-corruption/unaligned_free_small test/simple-memory-corruption/unaligned_malloc_usable_size_small test/simple-memory-corruption/uninitialized_free test/simple-memory-corruption/uninitialized_malloc_usable_size test/simple-memory-corruption/uninitialized_realloc test/simple-memory-corruption/write_after_free_large test/simple-memory-corruption/write_after_free_large_reuse test/simple-memory-corruption/write_after_free_small test/simple-memory-corruption/write_after_free_small_reuse test/simple-memory-corruption/write_zero_size test/simple-memory-corruption/__pycache__/__init__.cpython-37.pyc test/simple-memory-corruption/__pycache__/test_smc.cpython-37.pyc ```

Patrick · August 3, 2021, 11:12am

Patrick · August 17, 2021, 7:30pm

Fixed in Debian bullseye.

Patrick · August 17, 2021, 7:38pm

Not fixed in Debian bullseye. Reported upstream.

nurmagoz · September 3, 2021, 4:30pm

github.com/QubesOS/qubes-issues

Duplication of copy&move to vm context menu entries with hardened memory allocator

opened 04:01PM - 03 Sep 21 UTC

TNTBOMBOM

T: bug C: other P: default needs diagnosis

### Qubes OS release Qubes 4.0 ### Steps to reproduce - Open whonix ter…minal (gw or ws) - `sudo apt install hardened-malloc && sudo apt install hardened-malloc-kicksecure-enable` - Restart - Open Thunar - Right click anywhere and you will see the same as the image below ### Expected behavior No duplication ### Actual behavior Duplication of copy to VM , move to VM multiple times. ### Image ![dracutissue](https://user-images.githubusercontent.com/11895339/132034557-157c5a90-ab41-4f40-83d3-14db55014e65.png)

Patrick · September 13, 2021, 7:04pm

Patrick · January 9, 2022, 11:57am

Updated package.

Patrick · January 15, 2022, 1:00pm

Patrick · January 15, 2022, 1:01pm

new release by upstream:

Patrick · January 15, 2022, 1:05pm

Patrick · January 15, 2022, 1:08pm

add configuration variant system with two standard recommended configurations: default for an aggressive security-focused configuration and light for a more balanced configuration disabling a subset of the optional security features for better performance (comparable to glibc malloc without the thread cache) and much lower memory usage while still providing most of the security properties (details in README)

hardened_malloc/README.md at main · GrapheneOS/hardened_malloc · GitHub

The configuration system supports a configuration template system with two standard presets: the default configuration (config/default.mk) and a light configuration (config/light.mk). Packagers are strongly encouraged to ship both the standard default and light configuration. You can choose the configuration to build using make VARIANT=light where make VARIANT=default is the same as make. Non-default configuration templates will build a library with the suffix -variant such as libhardened_malloc-light.so and will use an out-variant directory instead of out for the build.

Patrick · January 15, 2022, 1:21pm

Patrick · January 15, 2022, 1:34pm

Patrick · January 15, 2022, 1:54pm

Patrick · January 15, 2022, 2:05pm

Patrick · January 15, 2022, 4:38pm

Package hardened-malloc-kicksecure-enable was renamed to hardened-malloc-light-enable.

All renamed from Hardened Malloc Kicksecure to Hardened Malloc Light.

Some more commits for the legacy package migration. That was difficult.

Error message during upgrading cannot be avoided without unreasonable development effort.

ERROR: ld.so: object ‘/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so’ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

Package hardened-malloc-kicksecure-enable can be safely removed after upgrade.

Now available from Whonix testers repository.

Patrick · January 27, 2022, 1:41pm

Now available from Whonix testers repository.

Patrick · April 15, 2022, 5:52pm

github.com/QubesOS/qubes-issues

Memory issue founded by Hardened-Malloc - "icon-sender: segfault at ... libc-2.31.so"

opened 07:39PM - 10 Apr 22 UTC

TNTBOMBOM

T: bug C: other P: default needs diagnosis

[How to file a helpful issue](https://www.qubes-os.org/doc/issue-tracking/) #…## Qubes OS release 4.1 ### Brief summary Install hardened-malloc light will show this error: (using `sudo journalctl --boot | grep -i error`) `host kernel: icon-sender[981]: segfault at 8 ip 00007658caa91068 sp 00007ffd7c27e0b0 error 4 in libc-2.31.so[7658caa2f000+14b000]` ### Steps to reproduce Follow these instructions to install in debian based Qube: https://www.kicksecure.com/wiki/Hardened_Malloc_Light ### Expected behavior shouldnt show this error ### Actual behavior showing the error above (i dont claim i know why or what it means) @thestinger any idea what could cause it or the mean of it? ### Other issues founded by Hardened-Malloc: #6873

nurmagoz · April 18, 2022, 1:55pm

Debian Host:

Debian stable with default/full HM = working good

Virtualbox:

Any OS (debian,whonix,kali,kicksecure…) inside Virtualbox with default HM = High degradation in performance leading to almost similar to freeze/pause the OS.

KVM:

Working good.

Patrick · April 19, 2022, 10:57am

Does VirtualBox get slow depending on,

VirtualBox on the host and HM on the host, and/or
HM inside the VirtualBox VM?