Conversation

Standalone hardened_malloc version 5 released: github.com/GrapheneOS/har.

Full list of changes from the previous release (version 4). See the README for this release for an overview of the project and many details about the design goals and implementation. These integer...

Replying to

I just read the introduction on Github, to understand what hardened_malloc is. I read it 5 times and I don't get it, haha. Is it some sort of application for GrapheneOS?

Replying to

and

The first two sentences are a good overview: > This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. It's a replacement for an OS component.

4:23 PM · Jan 7, 2021Twitter Web App

Replying to

and

It's portable to other operating systems. It's being used by Whonix and others. It provides substantial defenses against the most common form of remote code execution vulnerabilities: heap memory corruption bugs. It's a way to defend against them beyond fixing each case-by-case.

Replying to

and

It also has other secondary benefits such as clearing sensitive data from memory as soon as it's not needed anymore. It's one of the core security features of GrapheneOS. There are plans for various future enhancements / extensions to provide more security too.

Show replies