Anyone out there running hardened allocators on Linux with Rust services? We have a number of native dependencies that I'd like to hedge against.
github.com/GrapheneOS/har works well with Rust applications on a server.
Can choose if you want to use the light or regular config based on whether you're willing to dedicate substantial CPU time and performance to optional security features including the slab allocation quarantines.
github.com/GrapheneOS/har vs github.com/GrapheneOS/har is the choice. It will build both by default. Need to use `make CONFIG_NATIVE=false` or set it in the config file and ideally pass CPU architecture manually if you deploy it somewhere other than where you build. Helps a fair bit.
Also worth noting that for 1 process on a server, the memory usage from slab quarantines in the default configuration isn't that high. Since it hangs onto memory per size class per arena it depends on # arenas/processes (4 by default, 1 is better for stuff without parallelism).
Light configuration cost is comparable to speed of glibc without thread cache + zeroing on free. Default adds slab allocation quarantines, write after free check, slot rand and a guard slab is between every slab instead of between every 8 (raising vm.max_map_count is important).
Can stick it in /etc/ld.so.preload within each namespace to use it as much as possible without rebuilding stuff or just dynamically link it against your application to only use it there. It's really easy to see if it's working based on /proc/PID/maps from terabytes of PROT_NONE.
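The last reply says the easiest way to confirm hardened_malloc is actually in use is the terabytes of PROT_NONE in /proc/PID/maps, and the earlier one says vm.max_map_count needs raising. The script below is an added example, not code from the thread or from the hardened_malloc project: it sums the `---p` mappings in a maps file and compares the total against a threshold, and checks a max_map_count value against a minimum. The 1 TiB threshold and the sample maps contents are assumptions constructed for the example; point the functions at `/proc/<pid>/maps` and `/proc/sys/vm/max_map_count` on a real host.

```shell
#!/bin/sh
# Added example (not from the thread or the hardened_malloc project).
# Detect whether a process is running under hardened_malloc by summing the
# PROT_NONE ("---p") mappings in its /proc/PID/maps, and check that
# vm.max_map_count is high enough for the per-slab guard mappings.
# Deployment steps from the thread, for reference (not executed here):
#   make CONFIG_NATIVE=false        # build for the deploy host, not the build host
#   echo /path/to/libhardened_malloc.so >> /etc/ld.so.preload   # per namespace
#   sysctl -w vm.max_map_count=<larger value>

# Sum of PROT_NONE mapping sizes in bytes for a maps-format file ($1).
prot_none_bytes() {
    total=0
    while read -r range perms _offset _dev _inode _path; do
        [ "$perms" = "---p" ] || continue
        start=${range%-*}
        end=${range#*-}
        total=$(( total + 0x$end - 0x$start ))
    done < "$1"
    echo "$total"
}

# True (exit 0) when the maps file ($1) holds at least $2 bytes of PROT_NONE.
# hardened_malloc reserves terabytes of PROT_NONE address space for slab
# regions and guards; 1 TiB is an assumed threshold glibc malloc never reaches.
looks_hardened() {
    min=${2:-1099511627776}
    [ "$(prot_none_bytes "$1")" -ge "$min" ]
}

# True when the integer in file $1 (e.g. /proc/sys/vm/max_map_count) is >= $2.
max_map_count_ok() {
    [ "$(cat "$1")" -ge "$2" ]
}

# Constructed sample: what a hardened_malloc process might look like, with a
# 4 TiB PROT_NONE reservation. Not captured from a real process.
write_sample_maps_hardened() {
    cat > "$1" <<'EOF'
55d1c0a00000-55d1c0a20000 r-xp 00000000 fd:01 123456 /usr/local/bin/service
55d1c1000000-55d1c1021000 rw-p 00000000 00:00 0 [heap]
200000000000-240000000000 ---p 00000000 00:00 0
7ffc3d800000-7ffc3d821000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Constructed sample: a glibc malloc process, only a single 4 KiB guard page.
write_sample_maps_glibc() {
    cat > "$1" <<'EOF'
55d1c0a00000-55d1c0a20000 r-xp 00000000 fd:01 123456 /usr/local/bin/service
55d1c1000000-55d1c1021000 rw-p 00000000 00:00 0 [heap]
7f0000000000-7f0000001000 ---p 00000000 00:00 0
7ffc3d800000-7ffc3d821000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Demo on the constructed samples; on a live host use /proc/<pid>/maps instead.
demo_maps=$(mktemp)
write_sample_maps_hardened "$demo_maps"
echo "PROT_NONE bytes in sample: $(prot_none_bytes "$demo_maps")"
if looks_hardened "$demo_maps"; then
    echo "sample looks like hardened_malloc"
fi
rm -f "$demo_maps"
```

On a real service, run `prot_none_bytes /proc/$(pidof service)/maps` after adding the library to `/etc/ld.so.preload` in that namespace; a total in the low gigabytes means the preload did not take effect (wrong namespace, static binary, or a library path the loader cannot resolve).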

