Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Hardened Memory Allocator for many Applications to increase Security

Deprecation in Kicksecure[edit]

Reasons:

• Not stable enough: Through testing and integration development in Kicksecure, the unresolveable #Issues being found, it has been determined that it will never be stable enough to be suitable for installation by default for all users.
• Unclear Benefit: See chapter #Tickets and Discussions. Whenever it has been suggested to other projects to port to Hardened Malloc (HM), it did not get favorable reviews from other developers.
• Lack of outreach by upstream: Upstream mentioned that others do not understand HM but also does not have time to engage with them.
• Potential future deprecation by upstream: Upstream contemplated deprecation of Hardened Malloc support for usage outside of a Android / GrapheneOS context.
• Security issues? No. Users can keep using Hardened Malloc (Default) or Hardened Malloc Light until the next major release (Kicksecure version 18) but it will be unsupported.
• Future: Is there any chance this package will get unarchived, maintained again in Kicksecure? No.
• Forum discussion: https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/231

Introduction[edit]

Hardened Malloc (Default) is a hardened memory allocator which can be used with many applications to increase security.

This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independently arenas, with the internal locking within arenas further divided up per size class.Daniel Micay, Hardened Malloc developer, founder and lead developer of GrapheneOS, hardened_malloc project page

Readers who wish to discuss the integration of Hardened Malloc with Kicksecure should refer to this forum thread.

Naming[edit]

The author of Hardened Malloc uses only the terms:

• Hardened Malloc
• Hardened Malloc Light

To distinguish better which version is used, this websites uses the terms:

• Hardened Malloc (Default)
• Hardened Malloc Light

This is unrelated to price. Both versions are Freedom Software, free as in price as well as in freedom.

Hardened Malloc Light is provided for cases in which Hardened Malloc (Default) cannot be used due to application specific issues. Hardened Malloc (Default) might trigger issues due to memory allocation bugs found in some applications.

Installation[edit]

Hardened Malloc (Default) is pre-installed.

How-to: Launch Applications with Hardened Malloc Default[edit]

Launch Specific Applications with Hardened Malloc Default[edit]

To launch chosen applications with Hardened Malloc (Default), the LD_PRELOAD environment variable must be edited before starting the application.

For example, to launch application-name in this way, run.

LD_PRELOAD='libhardened_malloc.so' application-name

Using administrative rights, example:

sudo LD_PRELOAD='libhardened_malloc.so' apt update

Launch Systemd Services with Hardened Malloc Default[edit]

To launch individual systemd services with Hardened Malloc (Default), add a drop-in systemd configuration snippet.

Environment="LD_PRELOAD='libhardened_malloc.so'"

Launch All Applications by Default with Hardened Malloc Default[edit]

It is possible to make all applications use Hardened Malloc (Default) as the default memory allocator.

Note:

• If using a graphical desktop environment (such as Xfce): This action breaks the graphical desktop environment (Xorg). Most users using a graphical desktop environment (such as Xfce) should not proceed enabling Hardened Malloc (Default) for all applications. Only Hardened Malloc Light is suitable for that.
• If using a command line interface (CLI) (no graphical desktop environment) (such as a server): This can be attempted! Testers only!

To configure this option, the path to the hardened_malloc.so library must be added to the /etc/ld.so.preload file. ^[1]

1. Open file /etc/ld.so.preload in an editor with root rights.

Kicksecure

See Open File with Root Rights for detailed instructions on why to use sudoedit for better security and how to use it.

sudoedit /etc/ld.so.preload

Kicksecure for Qubes

NOTES:

• When using Kicksecure-Qubes, this needs to be done inside the Template.

sudoedit /etc/ld.so.preload

• After applying this change, shutdown the Template.
• All App Qubes based on the Template need to be restarted if they were already running.
• This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

Others and Alternatives

• This is just an example. Other tools could achieve the same goal.
• If this example does not work for you or if you are not using Kicksecure, please refer to this link.

sudoedit /etc/ld.so.preload

2. Add the hardened_malloc.so library.

Paste.

libhardened_malloc.so

3. Save the file.

4. Done.

The procedure is complete. Hardened Malloc Default has been enabled for all applications by default.

Disable Hardened Malloc per Application[edit]

In case Hardened Malloc Default/Light is enabled globally for all applications it is possible to disable it for select applications should that be required due to application incompatibilities.

Apply the following steps to disable Hardened Malloc Default/Light per application.

Prepend the ld-system-preload-disable wrapper.

Syntax:

ld-system-preload-disable application

Example:

Notes:

• This disabled all ld system preload. This only matters in case the user previously modified ld system preload configuration file /etc/ld.so.preload which the vast majority of users do not do.
• Replace chromium with the actual application which should be started without ld system preload.

ld-system-preload-disable chromium

Issues[edit]

Incompatible Applications[edit]

Graphical Desktop Environment Xorg[edit]

TODO:

• Xorg systemd drop in InaccessiblePaths=-/etc/ld.so.preload
• port to Wayland

VirtualBox Host Software[edit]

• A) Hardened Malloc on the host: VirtualBox crashes with hardened memory allocator Hardened Malloc on the host. ^[2]
• B) Hardened Malloc inside a VM: However, using HM inside VirtualBox VMs is different. For that, see above wiki chapter.

Browsers[edit]

Firefox[edit]

Using Hardened Malloc Default/Light with Firefox is broken and unsupported. ^[3]

To start Firefox without Hardened Malloc, run.

ld-system-preload-disable firefox-esr

Tor Browser[edit]

Using Hardened Malloc Default/Light with Tor Browser is also is broken and unsupported. Same as above. This is because Tor Browser is based on Firefox. ^[4]

• To start Tor Browser without Hardened Malloc:
  • Note: Adjust path Tor Browser's startup script start-tor-browser if you are using a different Tor Browser installation folder.
  • ld-system-preload-disable ~/.tb/tor-browser/Browser/start-tor-browser
• If using Tor Browser Starter (package: tb-starter) by Whonix developers:
  • ld-system-preload-disable torbrowser

Chromium[edit]

Using Hardened Malloc Default/Light with Chromium is also is broken and unsupported. ^[5]

To start Tor Browser without Hardened Malloc, run.

ld-system-preload-disable chromium

Other Browsers[edit]

It is unknown whether other browsers can benefit from Hardened Malloc Default/Light.

Flatpak[edit]

Flatpak does not honor /etc/ld.so.preload. Therefore using Hardened Malloc with Flatpak applications is currently unsupported. ^[6]

Bug: Hardened Malloc Ignored by Flatpaks

snap[edit]

snap is untested. Possibly has the same issue as Flatpak.

php[edit]

php command from php8.2-cli php package segfaults.

php

zsh: segmentation fault (core dumped)  php

To start PHP on the command line without Hardened Malloc, run.

ld-system-preload-disable php

If PHP is started by other applications such as a web server, it is currently untested if that is broken.

Others[edit]

Other applications might not easily benefit from Hardened Malloc Default/Light for the same reasons outlined in the browsers section above.

Whether an application can benefit from Hardened Malloc Default/Light or not depends on technical implementation details of the application in question. Vendors of applications will probably know if their application is compatible with Hardened Malloc Default/Light. Community wiki contributions are most welcome -- please post any additional vendor Q&As here.

workaround available[edit]

Slowdown of swap-file-creator at shutdown.

• related to above cryptsetup slowdown by factor ~ 7
• workaround OK https://github.com/Kicksecure/swap-file-creator/commit/c65edf17f952ac4a296ae6a0aac5a10541579ff6

no workaround available[edit]

major issues:

• cryptsetup slowdown by factor ~ 6
  • reported upstream: cryptsetup luksFormat slowdown of factor ~ 6 when using hardened memory allocator Hardened Malloc

minor issues:

• Qubes issues (when using Debian based VMs inside Qubes OS):
  • Installing Hardened Malloc and enforce enabling it will lead to duplication in Copy to VM & Move to VM
  • Memory issue founded by Hardened-Malloc - "icon-sender: segfault at ... libc-2.31.so"
• element bug report: Memory issues detected by hardened malloc - libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)

Development Notes[edit]

Tickets and Discussions[edit]

• glibc feature request: /etc/ld.so.preload.d drop-in configuration folder support
• glibc feature request: LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis
• Debian glibc feature request: consider using hardened malloc (hardened memory allocator)
• Debian request for packaging: RFP: hardened-malloc -- hardened memory allocator
• Qubes feature request: Hardened Malloc For Qubes OpenQA
• chromium feature request: consider using hardened malloc
• https://sourceware.org/bugzilla/show_bug.cgi?id=25223
• Tor Browser feature request: consider using Hardened Malloc for better security in TBB
• tor-dev mailing list: TBB Memory Allocator choice fingerprint implications

Upstream Considerations of Hardened Malloc Deprecation for x86[edit]

Perhaps we'll give up on the partial support for using hardened_malloc outside of an Android-based OS, particularly since people don't seem to understand the difference between it and simply bolting on some hardening features to a traditional allocator design, I've already had the usual experience today.quote Hardened Malloc upstream developer Daniel Micay, @thestinger

How-to: Check Hardened Malloc Status[edit]

Check If Hardened Malloc is Enabled[edit]

Open the terminal and type either:

• A): Using hardened-malloc-enabled-test. hardened-malloc-enabled-test
  • If enabled, should output should show:

    yes

• B): For advanced users: Using systemcheck with command line parameter --verbose. systemcheck --verbose
  • If enabled, should output should include:

    [INFO] [systemcheck] Hardened Malloc: Hardened Malloc enabled.

Check If Hardened Malloc Default or Hardened Malloc Light is Enabled[edit]

hardened-malloc-type-test

Possible outputs:

• none
• default
• light

Kicksecure Feature Default Status Information[edit]

(A) blocker, reason why Hardened Malloc is not enabled by default in Kicksecure yet is because it breaks browsers, which would be confusing.

Credits and Source Code[edit]

The Hardened Malloc upstream source code is maintained by security researcher, Daniel Micay.

This website is the software fork homepage for Hardened Malloc, with a focus on easy installation, added user documentation, and integration with Kicksecure, Whonix^®, Debian, and other distributions. The Kicksecure software fork source code can be found here.

Footnotes[edit]

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!