From efd71e70c7213d092a9fa3634972cc1f577944ba Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 12 Jan 2022 08:58:00 -0500 Subject: [PATCH] update documentation based on light configuration --- README.md | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index edc55c2..cf477c8 100644 --- a/README.md +++ b/README.md @@ -200,6 +200,21 @@ is the same as `make`. Non-default configuration templates will build a library with the suffix `-variant` such as `libhardened_malloc-light.so` and will use an `out-variant` directory instead of `out` for the build. +The `default` configuration template has all normal optional security features +enabled (just not the niche `CONFIG_SEAL_METADATA`) and is quite aggressive in +terms of sacrificing performance and memory usage for security. The `light` +configuration template disables the slab quarantines, write after free check, +slot randomization and raises the guard slab interval from 1 to 8 but leaves +zero-on-free and slab canaries enabled. The `light` configuration has solid +performance and memory usage while still being far more secure than mainstream +allocators with much better security properties. Disabling zero-on-free would +gain more performance but doesn't make much difference for small allocations +without also disabling slab canaries. Slab canaries slightly raise memory use +and slightly slow down performance but are quite important to mitigate small +overflows and C string overflows. Disabling slab canaries is not recommended +in most cases since it would no longer be a strict upgrade over traditional +allocators with headers on allocations and basic consistency checks for them. + For reduced memory usage at the expense of performance (this will also reduce the size of the empty slab caches and quarantines, saving a lot of memory, since those are currently based on the size of the largest size class): @@ -208,24 +223,6 @@ since those are currently based on the size of the largest size class): N_ARENA=1 \ CONFIG_EXTENDED_SIZE_CLASSES=false -The default configuration has all normal security features enabled (just not -the niche `CONFIG_SEAL_METADATA`) and is quite aggressive in terms of -sacrificing performance and memory usage for security. An example of a leaner -configuration disabling expensive security features other than zero-on-free / -slab canaries along with using far fewer guard slabs: - - make \ - CONFIG_WRITE_AFTER_FREE_CHECK=false \ - CONFIG_SLOT_RANDOMIZE=false \ - CONFIG_SLAB_QUARANTINE_RANDOM_LENGTH=0 \ - CONFIG_SLAB_QUARANTINE_QUEUE_LENGTH=0 \ - CONFIG_GUARD_SLABS_INTERVAL=8 - -This is a more appropriate configuration for a more mainstream OS choosing to -use hardened\_malloc while making a smaller memory and performance sacrifice. -The slot randomization isn't particularly expensive but it's low value and is -one of the first things to disable when aiming for higher performance. - The following boolean configuration options are available: * `CONFIG_WERROR`: `true` (default) or `false` to control whether compiler