Hardened Malloc

[monsieuremre]

Depends on hardened malloc and enables it for all system and user services as default. User applications are thus unaffected, like web browsers etc. Most sensitive and vulnerable OS components use hardened malloc and are hardened against memory corruption and heap exploits.

[adrelanos]

Thank you for your pull request! Unfortunately, this is the wrong repository.

security-misc is the wrong package for this sort of Depends:. That belongs into kicksecure-meta-packages. As per: https://github.com/Kicksecure/security-misc/issues/169

https://github.com/Kicksecure/kicksecure-meta-packages

Enabling hardened malloc by default belongs for system and user systemd units the hardened-malloc.

https://github.com/Kicksecure/hardened_malloc

That source code repository currently generates two packages:

• hardened-malloc
• hardened-malloc-light-enable

Welcome contributions:

• A) A contribution for hardened-malloc-default-enable. Or,
• B) Enable hardened malloc default in package hardened-malloc by default for user and systemd units.

For B) merging would be blocked if it breaks X11 inside VirtualBox. That would be blocked until port to Wayland is complete. Related:

• https://github.com/Kicksecure/security-misc/issues/168
• https://forums.whonix.org/t/port-to-wayland/17380

Other blockers would be if browsers are broken by default. This is because enabling hardened malloc for systemd units might get inherited by the DE (desktop environment) all the way until the browser.

[monsieuremre]

This would only affect services. If anything is affected, it can be exempted easily with the same manner. This may not be the right place, you are right. Tho there is no way to open an issue here:

https://github.com/Kicksecure/hardened_malloc

[adrelanos]

This may not be the right place, you are right. Tho there is no way to open an issue here:

https://github.com/Kicksecure/hardened_malloc

Fixed.

[monsieuremre]

Alright, moving to the repo itself.