{{Header}}
{{#seo:
|description=memory allocator for many applications to increase security - manual installation
}}
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Look into [[Hardened_Malloc|Hardened Malloc]] first.
}}
== Install Hardened Malloc ==
Users of Linux distributions that are not based on Debian must compile Hardened Malloc from source.
Hardened Malloc is available form the {{project_name_long}} APT repository for Debian-based distributions.
To do this, it is necessary to install g++ for compilation.
{{Box|text=
'''1.''' Update the package lists.
{{CodeSelect|code=
sudo apt update
}}
'''2.''' Install g++
, and git
to clone the repository.
{{CodeSelect|code=
sudo apt install g++ git
}}
'''3.''' {{git clone verify
|software=hardened malloc
|where= a terminal to download and verify the signing key and source code
|footnote=
https://grapheneos.org/install
https://github.com/GrapheneOS/hardened_malloc/issues/82
|key=scurl-download https://github.com/thestinger.gpg
|fingerprintcheck=gpg --keyid-format long --with-fingerprint thestinger.gpg
|fingerprintresult=
gpg: WARNING: no command supplied. Trying to guess what you mean ...|keyimport=gpg --import thestinger.gpg |git=git clone https://github.com/GrapheneOS/hardened_malloc |folder=hardened_malloc |verification=git tag --verify 8 |result=
pub rsa4096/F9E712E59AF5F22A 2012-12-06 [SC]
Key fingerprint = 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
uid Daniel Micay
uid Daniel Micay
uid Daniel Micay
uid Daniel Micay
uid Daniel Micay
sub rsa4096/7363D2F61FDC8A7F 2012-12-06 [E]
object d80919fa1e8042a070a3f9b2560ff2ecac8a75da type commit tag 8 tagger Daniel Micay}} '''4.''' Checkout the tag. {{CodeSelect|code= git checkout 8 }} '''5.''' Build the program. This will only take a few seconds, depending on your system's resources. {{CodeSelect|code= make }} '''6.''' Move the hardened_malloc library to the system library folder Create folder1562939118 -0400 8 gpg: Signature made Fri 12 Jul 2019 09:45:21 AM EDT gpg: using RSA key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A gpg: issuer "danielmicay@gmail.com" gpg: Good signature from "Daniel Micay " [unknown] gpg: aka "Daniel Micay " [unknown] gpg: aka "Daniel Micay " [unknown] gpg: aka "Daniel Micay " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 65EE FE02 2108 E2B7 08CB FCF7 F9E7 12E5 9AF5 F22A
/usr/lib/libhardened_malloc.so
{{CodeSelect|code=
sudo mkdir -p /usr/lib/libhardened_malloc.so
}}
Move the library.
{{CodeSelect|code=
sudo mv libhardened_malloc.so /usr/lib/x86_64-linux-gnu/libhardened_malloc-light.so
}}
'''7.''' Set SUID (set-user-id
).
* https://web.archive.org/web/20231223101913/https://gist.github.com/SkewedZeppelin/7f293d64c1c651bdc21526519d9e192b
* https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/224
{{CodeSelect|code=
sudo chmod u+s /lib/x86_64-linux-gnu/libhardened_malloc.so
}}
'''8.''' Done.
Installation of Hardened Malloc has been completed.
}}
= How-to: Launch Applications with Hardened Malloc =
== Systemd Services ==
To launch individual systemd services with hardened malloc, add drop a systemd configuration snippet.
{{CodeSelect|code=
Environment="LD_PRELOAD='libhardened_malloc.so'"
}}
== Other Applications ==
To launch other applications with Hardened Malloc, the LD_PRELOAD
environment variable must be edited before starting the application. For example, to launch application-name
in this way, run.
{{CodeSelect|code=
LD_PRELOAD='libhardened_malloc.so' application-name
}}
== All Applications by Default ==
Note: This action may break numerous applications such as man, apt or Xorg.
It is possible to make all applications use Hardened Malloc as the default memory allocator. To configure this option, the path to the hardened_malloc.so
library must be added to the /etc/ld.so.preload
file.
{{Box|text=
'''1.'''
{{Open with root rights|filename=
/etc/ld.so.preload
}}
'''2.''' Add the hardened_malloc.so
library.
{{CodeSelect|code=
libhardened_malloc.so
}}
'''3.''' Save the file.
The procedure is complete.
}}
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]