jmb/hardened_malloc
1
0
Fork 0
mirror of https://github.com/GrapheneOS/hardened_malloc.git synced 2025-10-27 14:36:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

provide link to Bionic integration commit

Browse source
This commit is contained in:
Daniel Micay 2019-08-18 01:43:57 -04:00
parent 04f69d9f0d
commit defd55f302
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
README.md
View file

@ -106,12 +106,13 @@ libraries.
On GrapheneOS, hardened\_malloc is integrated into the standard C library as
the standard malloc implementation. Other Android-based operating systems can
reuse the integration code to provide it. If desired, jemalloc can be left as
a runtime configuration option by only conditionally using hardened\_malloc to
give users the choice between performance and security. However, this reduces
security for threat models where persistent state is untrusted, i.e. verified
boot and attestation (see the [attestation sister
project](https://attestation.app/about)).
reuse [the integration
code](https://github.com/GrapheneOS/platform_bionic/commit/20160b81611d6f2acd9ab59241bebeac7cf1d71c)
to provide it. If desired, jemalloc can be left as a runtime configuration
option by only conditionally using hardened\_malloc to give users the choice
between performance and security. However, this reduces security for threat
models where persistent state is untrusted, i.e. verified boot and attestation
(see the [attestation sister project](https://attestation.app/about)).
Make sure to raise `vm.max_map_count` substantially too to accomodate the very
large number of guard pages created by hardened\_malloc. This can be done in