Question 1

hardened_malloc vs jemalloc which is better for security?

Accepted Answer

hardened_malloc is explicitly designed for security with deterministic protections and memory isolation, while jemalloc focuses on performance and scalability. For threat models prioritizing exploit mitigation, hardened_malloc is a strict upgrade, though jemalloc may be faster in benchmarks.

Question 2

How to install hardened_malloc on Ubuntu?

Accepted Answer

Build from source using the provided Makefile, then preload it via /etc/ld.so.preload. You must first increase vm.max_map_count in sysctl and ensure your system meets dependencies like glibc 2.41, as detailed in the OS integration section.

Question 3

What performance hit can I expect from hardened_malloc?

Accepted Answer

Overhead varies by workload; features like zero-on-free and randomization add cost, but the 'light' configuration reduces this while keeping core protections. The README notes that performance is sacrificed for security in the default setup.

Question 4

Does hardened_malloc work with Docker containers?

Accepted Answer

Yes, but you need to configure the container to allow necessary system calls (e.g., getrandom) and adjust memory mapping limits. Preloading via ld.so.preload may require container-specific setup, as mentioned in the traditional Linux integration notes.

Question 5

Can I use hardened_malloc to debug memory leaks?

Accepted Answer

No, it's designed for production hardening, not debugging. It lacks features like allocation stack traces and focuses on preventing exploitation rather than finding bugs, as stated in the core design philosophy.

Question 6

Is memory tagging enabled by default in hardened_malloc?

Accepted Answer

Memory tagging support is integrated but depends on hardware (ARMv8.5+ MTE). The README explains it provides random tags and free-slot tagging, but it's not automatically enabled on all builds; configuration may vary for Android vs. Linux.

Question 7

How to configure hardened_malloc for lighter security?

Accepted Answer

Use the 'light' variant via make VARIANT=light, which disables slab quarantines and write-after-free checks while keeping zero-on-free and canaries. The README provides details on tuning options like CONFIG_GUARD_SLABS_INTERVAL.

hardened_malloc

What is hardened_malloc?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions