Hardened Malloc - Hardened Memory Allocator

I was looking for a workaround to only exclude Xorg from using HM Default. Nothing great yet. This was my idea:

File /usr/lib/systemd/system/lightdm.service.d/30_hardened-malloc-disable.conf


But that would make /etc/ld.so.preload and therefore HM unused by all applications started by lightdm, which would include Xorg and all graphical applications.

        |         |-lightdm-+-xfce4-session-+-Thunar---2*[{Thunar}]
        |         |         |               |-VirtualBox---8*[{VirtualBox}]

So wouldn’t be very helpful.

Maybe an AppArmor profile could be abused to prevent Xorg from reading /etc/ld.so.preload? Or some better method?

Should we increase vm.max_map_count = 524240 → 1048576?

1 Like

Thanks! Merged.

Your review all over the place is very much appreciated!

1 Like

This is now in the testers repository.

16 posts were split to a new topic: Bug: Hardened Malloc Ignored by Flatpaks

Doesn’t this break some flatpaks because they’re missing their specific /usr?

1 Like





Messages during upgrade looking like this:

ERROR: ld.so: object ‘/usr/lib/libhardened_malloc.so/libhardened_malloc-light.so’ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

Can be safely ignored. These are fixed right after the upgrade.

This is unavoidable and happening due to above bugfix.

These errors are now resolved thanks to compatibility symlinks and lots of other maintenance fixes in git.

This is now in the testers repository.

news, see this link for more information:
Hardened Malloc (HM) Deprecation in Kicksecure

1 Like