Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc
Btw Fedora Firefox now supports LD_PRELOADING hardened_malloc natively, pretty cool.
What do these do?
Hardened_malloc is a security enhanced memory allocator forked from OpenBSD and maintained and used in GrapheneOS. It protects against various memory exploits and works just fine on Linux, I tried Gaming and more.
The Fedora variant “Secureblue” has it preinstalled, they maintain the COPR and handle the preloading also for Flatpak apps.
By default Firefox doesnt accept that though, and gives some memory errors. Fedora Firefox should now work with hardened_malloc, as they applied a build argument to allow it.
Holy shit, Android using the Linux kernel is actually helpful for once? I’m shocked
They have all their own userland stuff.
I think Desktop linux could adopt more… like a hardened, not tracking, neutral webview so projects could stop using damn Electron. Like actually having a slim and efficient system, without the need to not use Sandboxing.
Not sure if bionic is better than glibc too. Musl probably is, and the problem is binary package repos so you will need to use Alpine to get rid of glibc