Now, I am trying to figure out the differences or similarities between Scudo and other secure allocators, like 's malloc ( ) or 's malloc or Guarder (usenix.org/system/files/c)
After reading the series of nice tweets from (twitter.com/ebeip90/status), I understood some things but am still learning and still have to read the source code of the above-mentioned secure allocators.
Here, I am just trying to summarize the differences (compared to Scudo); please correct me if I misunderstood:
1. Scudo can't reliably detect invalid free.
2. It lacks fine grained randomization.
Are there any differences if we try to compare all 3 above-mentioned allocators?🤔
Scudo detects misaligned deallocations, invalid deallocations, or double deallocations. Allocations are randomized within their size-class regions and based on the underlying OS memory mapping primitives' randomization.
There's a substantial difference between detecting something reliably with a deterministic mitigation and a weak probabilistic one that an attacker can bypass via information leaks or brute force. It's an important distinction. Detection of those things needs to be qualified.
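The deterministic detection of misaligned, invalid and double deallocations discussed in the two replies above, as an added toy example in C (not code from Scudo, hardened_malloc or this thread): a single slab whose free-slot state lives in an out-of-line bitmap, so every check depends only on allocator-owned metadata and an attacker who controls chunk contents or leaks a pointer cannot change the verdict. The slot size, slot count, struct layout and `slab_*` names are constructed for illustration and do not mirror either real allocator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy: one slab of fixed-size slots with an out-of-line
 * "in use" bitmap. Not Scudo's or hardened_malloc's real layout. */
#define SLOT_SIZE 32
#define NSLOTS    64

enum free_result { FREE_OK, FREE_OUT_OF_RANGE, FREE_MISALIGNED, FREE_DOUBLE };

struct slab {
    uint8_t  mem[SLOT_SIZE * NSLOTS];
    uint64_t in_use;   /* bit i set => slot i is currently allocated */
};

void slab_init(struct slab *s) { memset(s, 0, sizeof *s); }

void *slab_alloc(struct slab *s) {
    for (int i = 0; i < NSLOTS; i++) {
        if (!(s->in_use & (1ULL << i))) {
            s->in_use |= 1ULL << i;
            return s->mem + (size_t)i * SLOT_SIZE;
        }
    }
    return NULL;   /* slab full */
}

/* Each check reads only allocator metadata, never the chunk itself, so a
 * bad free is caught deterministically: overwriting freed memory or
 * knowing a leaked pointer does not change the outcome. */
enum free_result slab_free(struct slab *s, void *p) {
    uintptr_t base = (uintptr_t)s->mem, addr = (uintptr_t)p;
    if (addr < base || addr >= base + sizeof s->mem) return FREE_OUT_OF_RANGE;
    uintptr_t off = addr - base;
    if (off % SLOT_SIZE != 0) return FREE_MISALIGNED;   /* interior pointer */
    uint64_t bit = 1ULL << (off / SLOT_SIZE);
    if (!(s->in_use & bit)) return FREE_DOUBLE;         /* slot already free */
    s->in_use &= ~bit;
    return FREE_OK;
}

/* Constructed scenario: returns how many of the bad frees were rejected. */
int slab_demo(void) {
    struct slab s; int not_heap = 0; slab_init(&s);
    char *a = slab_alloc(&s), *b = slab_alloc(&s);
    int rejected = 0;
    rejected += slab_free(&s, a + 5) != FREE_OK;      /* misaligned */
    rejected += slab_free(&s, &not_heap) != FREE_OK;  /* invalid: not from slab */
    slab_free(&s, a);                                 /* legitimate free */
    rejected += slab_free(&s, a) != FREE_OK;          /* double free */
    rejected += slab_free(&s, b) != FREE_OK;          /* legitimate: accepted */
    return rejected;
}
```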
The mmap randomization on Linux is high-entropy base randomization for the mmap as a whole, so leaking a (partial) pointer reveals it. Relative offsets within it also aren't random, and it packs everything together by best-fit, so it's not inherently sparse & heap sprays work well.
There's a detailed README for hardened_malloc at github.com/GrapheneOS/har and I suggest that people read that and also don't misrepresent it in comparisons to other allocators:
The differences with Scudo certainly don't boil down to a few minor points.
Thanks for the information and clarification. I shall refer to the GitHub documentation for hardened_malloc. And my apologies if I misrepresented something.