Some initial documentation for my new hardened malloc implementation:
github.com/AndroidHardeni
It's still in an early state of development with major parts of the core design and many security features not yet implemented. It should work with nearly any program already though.
Here's a simple test program demonstrating the isolated memory regions:
gist.github.com/thestinger/dd7
Output with the glibc allocator is included as a reference point (the offsets are constant in practice) and then 3 samples with a recent revision of this new malloc implementation.
Scudo is entirely based on inline metadata and free lists. It relies on CRC32 to detect metadata corruption and can't reliably detect invalid free in the same way. Having fully out-of-line metadata is extremely important for providing many other security properties too.
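An added illustration of the out-of-line metadata point in the last tweet (not code from the hardened malloc project or from Scudo): a toy fixed-size slab allocator that keeps its allocation state in a bitmap separate from user data, so a free can be validated by lookup instead of by trusting a header stored beside the allocation. The names `toy_alloc`, `toy_free` and the slab dimensions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64u
#define SLOT_COUNT 32u

/* User data only: no header or free-list pointer is stored beside a slot. */
static unsigned char slab[SLOT_SIZE * SLOT_COUNT];
/* Out-of-line metadata: one "allocated" bit per slot, outside the slab. */
static uint32_t in_use;

enum free_result { FREE_OK, FREE_OUT_OF_RANGE, FREE_MISALIGNED, FREE_NOT_ALLOCATED };

void *toy_alloc(void) {
    for (unsigned i = 0; i < SLOT_COUNT; i++) {
        if (!(in_use & (UINT32_C(1) << i))) {
            in_use |= UINT32_C(1) << i;
            return slab + (size_t)i * SLOT_SIZE;
        }
    }
    return NULL; /* slab exhausted */
}

/* A real allocator would abort on any result other than FREE_OK; the toy
 * returns the reason so the checks can be observed. */
enum free_result toy_free(void *p) {
    uintptr_t addr = (uintptr_t)p, base = (uintptr_t)slab;
    if (addr < base || addr >= base + sizeof slab) return FREE_OUT_OF_RANGE;
    size_t off = addr - base;
    if (off % SLOT_SIZE != 0) return FREE_MISALIGNED;    /* interior pointer */
    uint32_t bit = UINT32_C(1) << (off / SLOT_SIZE);
    if (!(in_use & bit)) return FREE_NOT_ALLOCATED;      /* double/invalid free */
    in_use &= ~bit;
    return FREE_OK;
}

int main(void) {
    void *a = toy_alloc();
    memset(a, 0xFF, SLOT_SIZE); /* scribbling over the slot cannot touch the bitmap */
    printf("interior: %d\n", toy_free((char *)a + 8)); /* FREE_MISALIGNED */
    printf("first:    %d\n", toy_free(a));             /* FREE_OK */
    printf("second:   %d\n", toy_free(a));             /* FREE_NOT_ALLOCATED */
    return 0;
}
```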
