Fix minor typo (#555)

This commit is contained in:
Daniel Gray 2022-01-14 13:36:44 +00:00
parent 2d17bb15d9
commit 0073613624
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3

View File

@ -177,6 +177,6 @@ We have these general tips:
<li><strong>Hardened Memory Allocator:</strong> GrapheneOS uses the <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc</a> subproject as its memory allocator. This focuses on hardening against <a href="https://en.wikipedia.org/wiki/Memory_corruption">memory heap corruption</a>. CalyxOS uses the default AOSP <a href="https://source.android.com/devices/tech/debug/scudo">Scudo Malloc</a>, which is generally <a href="https://twitter.com/danielmicay/status/1033671709197398016">less effective</a>. Hardened Malloc has uncovered vulnerabilities in AOSP which have been <a href="https://github.com/GrapheneOS/platform_system_core/commit/be11b59725aa6118b0e1f0712572e835c3d50746">fixed</a> by GrapheneOS such as <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-0703">CVE-2021-0703</a>.</li> <li><strong>Hardened Memory Allocator:</strong> GrapheneOS uses the <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc</a> subproject as its memory allocator. This focuses on hardening against <a href="https://en.wikipedia.org/wiki/Memory_corruption">memory heap corruption</a>. CalyxOS uses the default AOSP <a href="https://source.android.com/devices/tech/debug/scudo">Scudo Malloc</a>, which is generally <a href="https://twitter.com/danielmicay/status/1033671709197398016">less effective</a>. Hardened Malloc has uncovered vulnerabilities in AOSP which have been <a href="https://github.com/GrapheneOS/platform_system_core/commit/be11b59725aa6118b0e1f0712572e835c3d50746">fixed</a> by GrapheneOS such as <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-0703">CVE-2021-0703</a>.</li>
<li><strong>Secure Exec Spawning:</strong> GrapheneOS <a href="https://en.wikipedia.org/wiki/Spawn_(computing)">spawns</a> fresh processes as opposed to using the <a href="https://ayusch.com/android-internals-the-android-os-boot-process">Zygote model</a> used by AOSP and CalyxOS. The Zygote model weakenes <a href="https://en.wikipedia.org/wiki/Address_space_layout_randomization">Address Space Layout Randomization</a> (ASLR) and is considered <a href="https://wenke.gtisc.gatech.edu/papers/morula.pdf">less secure</a>. Creating <a href="https://grapheneos.org/usage#exec-spawning">fresh processes</a> is safer but will have some performance penalty when launching a new application. These penalties are not really noticeable unless you have an <a href="https://support.google.com/nexus/answer/4457705">old device</a> with slow storage such as the Pixel 3a/3a XL as it has <a href="https://en.wikipedia.org/wiki/MultiMediaCard#eMMC">eMMC</a>.</li> <li><strong>Secure Exec Spawning:</strong> GrapheneOS <a href="https://en.wikipedia.org/wiki/Spawn_(computing)">spawns</a> fresh processes as opposed to using the <a href="https://ayusch.com/android-internals-the-android-os-boot-process">Zygote model</a> used by AOSP and CalyxOS. The Zygote model weakens <a href="https://en.wikipedia.org/wiki/Address_space_layout_randomization">Address Space Layout Randomization</a> (ASLR) and is considered <a href="https://wenke.gtisc.gatech.edu/papers/morula.pdf">less secure</a>. Creating <a href="https://grapheneos.org/usage#exec-spawning">fresh processes</a> is safer but will have some performance penalty when launching a new application. These penalties are not really noticeable unless you have an <a href="https://support.google.com/nexus/answer/4457705">old device</a> with slow storage such as the Pixel 3a/3a XL as it has <a href="https://en.wikipedia.org/wiki/MultiMediaCard#eMMC">eMMC</a>.</li>
</ul> </ul>
<p><strong>Please note that these are just a few examples and are not an extensive list of GrapheneOS's hardening</strong>.</p> <p><strong>Please note that these are just a few examples and are not an extensive list of GrapheneOS's hardening</strong>.</p>