Conversation
Replying to
I just read the introduction on Github, to understand what hardened_malloc is. I read it 5 times and I don't get it, haha.
Is it some sort of application for GrapheneOS?
1
The first two sentences are a good overview:
> This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities.
It's a replacement for an OS component.
1
2
It's portable to other operating systems. It's being used by Whonix and others.
It provides substantial defenses against the most common form of remote code execution vulnerabilities: heap memory corruption bugs. It's a way to defend against them beyond fixing each case-by-case.
1
3
It also has other secondary benefits such as clearing sensitive data from memory as soon as it's not needed anymore. It's one of the core security features of GrapheneOS.
There are plans for various future enhancements / extensions to provide more security too.
See grapheneos.org/features#graph for the higher level overview. The documentation on GitHub is written for developers, not end users.
1
1