Update hardened_malloc information (#249)

* Update hardened_malloc information

Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
This commit is contained in:
Tommy 2024-06-16 13:38:37 -07:00 committed by GitHub
parent 9001a58ccf
commit 6f6b9b5c16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -384,7 +384,10 @@ linux&#8209;hardened disables unprivileged user namespaces (`kernel.unprivileged
The [hardened memory allocator (hardened_malloc)](https://github.com/GrapheneOS/hardened_malloc) from GrapheneOS can be used on general Linux distributions, though [only for some programs](https://www.kicksecure.com/wiki/Hardened_Malloc).
Kicksecure installs it by default (though not enabled by default) and provides [in&#8209;depth usage instructions](https://www.kicksecure.com/wiki/Hardened_Malloc) relevant to all distributions. On Arch-based systems, hardened_malloc is [available through the AUR](https://wiki.archlinux.org/title/Security#Hardened_malloc). Divested Computing Group maintains an x86_64 [Fedora build](https://github.com/divestedcg/rpm-hardened_malloc) with micro-architecture optimized builds (x86_64_v3, x86_64_v4, etc). SecureBlue provides a [copr repository](https://copr.fedorainfracloud.org/coprs/secureblue/hardened_malloc/) for Fedora with both x86_64 and aarch64 builds, albeit without micro-architecture optimized builds like Divested Computing Group.
On Fedora and Red Hat Enterprise Linux, secureblue provides a [Copr repository](https://copr.fedorainfracloud.org/coprs/secureblue/hardened_malloc/) with both x86_64 and aarch64 architecture support. Divested Computing Group has a [similar build](https://github.com/divestedcg/rpm-hardened_malloc) for Fedora, but with only x86_64 support. Using secureblue's repository is recommended, as the Divested repository is known to [block certain IP addresses](https://grapheneos.social/@Tommy/112274772803550392).
On Arch-based systems, hardened_malloc is [available through the AUR](https://wiki.archlinux.org/title/Security#Hardened_malloc).
### Disabling XWayland