Hardened Malloc - Hardened Memory Allocator

Security researcher Daniel Micay has created hardened_malloc, which is a hardened memory allocator that protects against heap corruption vulnerabilities.

It isn’t available in the Debian repos but is very easy to build and takes a few seconds. It can be used by changing the LD_PRELOAD variable. For example, to use it with the Tor Browser you should run

LD_PRELOAD="/usr/lib/libhardened_malloc.so" torbrowser

It can be configured globally in /etc/ld.so.preload but this breaks a few things like Xorg and man.

This sounds like it’d be good to add to Whonix. I haven’t tested this on Whonix myself though but it should work. It works fine on my host (Arch).

It can also be easily used with Firejail.

https://wiki.archlinux.org/index.php/Firejail#Use_With_hardened_malloc

Daniel Micay is very trusted and respected in the infosec community. He has put a lot of work into hardening Android and Linux in general. A lot of his patches have even been accepted upstream.


Edit by Patrick:

2 Likes
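A per-process wrapper built around the LD_PRELOAD invocation shown above, as an added example that is not part of the original post or of the hardened_malloc project. It assumes the library path used in the thread (override with HM_LIB) and that the script is installed under the illustrative name hm-run; the function names are likewise assumptions. It adds the two checks a plain LD_PRELOAD=... on the command line lacks: it refuses to start when the library is not a usable ELF object (ld.so would otherwise only warn and fall back to glibc malloc), and it keeps anything already in LD_PRELOAD instead of clobbering it.

```shell
#!/bin/sh
# hm-run: run a single program under hardened_malloc via LD_PRELOAD.
# Added example, not Whonix or hardened_malloc project code. Assumes the
# library lives at /usr/lib/libhardened_malloc.so as in the thread; set
# HM_LIB to use another path. Usage: hm-run torbrowser [args...]
HM_LIB="${HM_LIB:-/usr/lib/libhardened_malloc.so}"

# Compose the LD_PRELOAD value: the allocator goes first so its malloc wins
# symbol resolution, but anything the caller already preloads is kept rather
# than dropped (a bare LD_PRELOAD=... on the command line would replace it).
hm_preload_value() {
    lib="$1"; existing="$2"
    if [ -z "$existing" ]; then
        printf '%s' "$lib"
    else
        printf '%s:%s' "$lib" "$existing"
    fi
}

# Refuse to start if the library is missing or is not an ELF object. A bad
# LD_PRELOAD path does not fail the program: ld.so prints a warning and
# silently continues with glibc malloc, which is the one outcome a wrapper
# like this exists to prevent. The check reads the 4-byte ELF magic.
hm_check_lib() {
    lib="$1"
    [ -r "$lib" ] || return 1
    magic=$(dd if="$lib" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = 7f454c46 ]
}

# After the fact: is a library matching NAME actually mapped into process PID?
# Usage: hm_is_loaded PID NAME
hm_is_loaded() {
    grep -q "$2" "/proc/$1/maps" 2>/dev/null
}

hm_main() {
    [ $# -gt 0 ] || { echo "usage: hm-run PROGRAM [ARGS...]" >&2; exit 2; }
    hm_check_lib "$HM_LIB" || {
        echo "hm-run: $HM_LIB is not a readable shared object" >&2
        exit 1
    }
    LD_PRELOAD=$(hm_preload_value "$HM_LIB" "${LD_PRELOAD:-}")
    export LD_PRELOAD
    exec "$@"
}

# Only act as a wrapper when invoked under that name; sourcing the file just
# defines the functions so hm_is_loaded can be reused from other scripts.
case "${0##*/}" in hm-run) hm_main "$@" ;; esac
```

To confirm the allocator really is in use after launching something this way, check the running process rather than the environment: hm_is_loaded PID libhardened_malloc (or grep hardened_malloc /proc/PID/maps by hand) answers that directly, and LD_DEBUG=libs on the command line makes ld.so print which objects it preloaded and why.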
  • What are other options in this space? I’m familiar with Micay’s great work, but I’m curious what other advances/implementations are available.

  • What is the effect on Tor Browser fingerprinting? I think we should ask upstream about their opinion on this just in case.

EDIT:
Related ticket:

Ideally we would have them support this upstream so any TBB cross-arch support is automatically rolled in.

3 Likes

Needs a Debian RFP:

(Similar to: https://github.com/theupdateframework/tuf/issues/263)

2 Likes

I don’t know any other hardened memory allocators. The ticket you linked seems to have some.

I doubt a website could access that kind of information. It seems unlikely but not impossible.

2 Likes

There is a related issue about Xorg and man.

It seems some syscalls just need to be added to the whitelist.

2 Likes

I’m not against this if you will be available to maintain it/deal with breakage and if it is simple to reverse it via an apt update to the default malloc until the breakage is fixed.

2 Likes

It’d probably be best to use it just for high-risk applications like the Tor Browser. I’d imagine using it system-wide would cause a lot of problems.

2 Likes

Agreed. That’s what my comments apply to.

2 Likes

I’ve just tested hardened_malloc with the Tor Browser on the Workstation and it works flawlessly.

There was just a compilation error due to Debian using an outdated GCC, which is now resolved, as I raised an issue on the GitHub repo.

2 Likes

General system hardening guide?

It can be useful for SecBrowser and even Tor on the GW if we test for breakage. Perhaps assigned for bash instances if it detects it is installed. While we can’t/shouldn’t switch the entire system to it we can do this on a per process basis.

2 Likes

That sounds like a good idea although how would we get programs to use it by default? Would it need a bunch of wrappers?

1 Like

Hopefully not.
Issue: there are no stackable wrappers, see ⚓ T634 write draft for stackable wrappers on debian-devel

Old, working for its purpose, covering much of user applications but not system applications:

Maybe /usr/lib/environment.d/*.conf would come to rescue (much better than above) as per environment.d?

Wondering if there is a systemd feature “set this environment variable for all systemd units”? Ask upstream systemd about it?

Or can we replace system default malloc?

Ask hardened malloc developer how to apply to everything or as much as possible?

1 Like

That would set it system-wide which we probably don’t want as it’ll break a lot of things.

Yes. You could add

# no inner quotes: systemd strips only one level of quoting, so the quotes would end up inside the path
Environment="LD_PRELOAD=/usr/lib/libhardened_malloc.so"

See systemd.exec

You can do that but that will break a lot of things.

1 Like
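Scoping the Environment= setting above to one unit instead of the whole system, as an added example that is not part of this reply or of the Whonix or systemd projects. A drop-in under /etc/systemd/system/UNIT.d/ affects only that unit; the system-wide counterpart, DefaultEnvironment= in /etc/systemd/system.conf, would push LD_PRELOAD into every unit the manager starts, which is the breakage the thread warns about. The library path is the one used in the thread, and the script name hm-unit, the drop-in file name and the function names are assumptions; reverting is deleting the drop-in and running daemon-reload again.

```shell
#!/bin/sh
# hm-unit: confine hardened_malloc to a single systemd unit via a drop-in.
# Added example, not Whonix or systemd project code. Assumes the library
# path from the thread; set HM_LIB to override. Usage: hm-unit tor.service
HM_LIB="${HM_LIB:-/usr/lib/libhardened_malloc.so}"

# Drop-in path for UNIT. Files in <unit>.d/ extend only that unit, unlike
# DefaultEnvironment= in /etc/systemd/system.conf, which reaches every unit.
hm_dropin_path() {
    printf '/etc/systemd/system/%s.d/50-hardened-malloc.conf' "$1"
}

# Drop-in body. No quotes around the path: systemd removes one level of
# quoting, so Environment="LD_PRELOAD='...'" would keep the inner quotes in
# the value and ld.so would look for a file whose name includes them.
hm_dropin_text() {
    printf '[Service]\nEnvironment=LD_PRELOAD=%s\n' "$1"
}

# Check the unit's main process rather than its configuration: a wrong path
# only produces an ld.so warning in the journal and glibc malloc stays in use.
hm_unit_loaded() {
    pid=$(systemctl show -p MainPID --value "$1") || return 1
    [ -n "$pid" ] && [ "$pid" != 0 ] || return 1
    grep -q "$2" "/proc/$pid/maps"
}

hm_unit_main() {
    unit="$1"
    [ -n "$unit" ] || { echo "usage: hm-unit UNIT" >&2; exit 2; }
    [ -r "$HM_LIB" ] || { echo "hm-unit: $HM_LIB not found" >&2; exit 1; }
    path=$(hm_dropin_path "$unit")
    mkdir -p "$(dirname "$path")"
    hm_dropin_text "$HM_LIB" > "$path"
    systemctl daemon-reload
    systemctl restart "$unit"
    if hm_unit_loaded "$unit" "$(basename "$HM_LIB")"; then
        echo "hm-unit: $unit is running with $HM_LIB"
    else
        echo "hm-unit: $unit restarted but $HM_LIB is not mapped;" \
             "remove $path and run systemctl daemon-reload to revert" >&2
        exit 1
    fi
}

# Sourcing the file only defines the functions; act only when run as hm-unit.
case "${0##*/}" in hm-unit) hm_unit_main "$@" ;; esac
```

The same drop-in body works for a user unit under ~/.config/systemd/user/UNIT.d/, which keeps the setting to the units of one session without touching /etc/ld.so.preload.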

Whonix-Workstation Security - Whonix

1 Like

Version 1 was released.

Considering packaging for Whonix.

2 Likes

I didn’t really dive into it but setting sys-wide broke Tor Browser for me.

2 Likes

Does starting it directly by running /home/user/.tb/Browser/start-tor-browser break it?

It probably broke something that /usr/bin/torbrowser does.

1 Like

Reconfigured sys-wide malloc in a whonix-ws-15 TemplateVM and Tor Browser worked as expected. The previous issue was with a whonix-ws-14 based AppVM which had a “memory error” when starting Tor Browser (would not start) just after configuring hardened_malloc. I could always restore Whonix 14 templates from backup if you’d like.

3 Likes