jmb
/
hardened_malloc
mirror of https://github.com/GrapheneOS/hardened_malloc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

note about getrandom with syscall whitelists

pull/87/head
Daniel Micay 2019-06-01 04:06:43 -04:00
parent b40ba9754b
commit 64a1f59020
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -666,6 +666,12 @@ System calls used by all build configurations:
* `munmap` * `munmap`
* `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption) * `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption)
The main distinction from a typical malloc implementation is the use of
getrandom. A common compatibility issue is that existing system call whitelists
often omit getrandom partly due to older code using the legacy `/dev/urandom`
interface along with the overall lack of security features in mainstream libc
implementations.
Additional system calls when `CONFIG_SEAL_METADATA=true` is set: Additional system calls when `CONFIG_SEAL_METADATA=true` is set:
* `pkey_alloc` * `pkey_alloc`