From 4776c3e8128795bdfd98e567ccbd31004930a094 Mon Sep 17 00:00:00 2001 From: Tommy Date: Sun, 24 Mar 2024 23:30:19 -0700 Subject: [PATCH] Update hardened malloc info (#216) * Update hardened malloc info Signed-off-by: Tommy * Add link Signed-off-by: Tommy --------- Signed-off-by: Tommy --- content/posts/linux/Desktop Linux Hardening.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index e371e10..9c41a2a 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -382,7 +382,7 @@ linux‑hardened has unprivileged user namespaces (`kernel.unprivileged_user The [hardened memory allocator (hardened_malloc)](https://github.com/GrapheneOS/hardened_malloc) from GrapheneOS can be used on general Linux distributions, though [only for some programs](https://www.kicksecure.com/wiki/Hardened_Malloc). -Kicksecure installs it by default (though not enabled by default) and provides [in‑depth usage instructions](https://www.kicksecure.com/wiki/Hardened_Malloc) relevant to all distributions. On Arch-based systems, hardened_malloc is [available through the AUR](https://wiki.archlinux.org/title/Security#Hardened_malloc). Divested Computing Group maintains a [Fedora build](https://github.com/divestedcg/rpm-hardened_malloc). +Kicksecure installs it by default (though not enabled by default) and provides [in‑depth usage instructions](https://www.kicksecure.com/wiki/Hardened_Malloc) relevant to all distributions. On Arch-based systems, hardened_malloc is [available through the AUR](https://wiki.archlinux.org/title/Security#Hardened_malloc). Divested Computing Group maintains an x86_64 [Fedora build](https://github.com/divestedcg/rpm-hardened_malloc) with micro-architecture optimized builds (x86_64_v3, x86_64_v4, etc). SecureBlue provides a [copr repository](https://copr.fedorainfracloud.org/coprs/secureblue/hardened_malloc/) for Fedora with both x86_64 and aarch64 builds, albeit without micro-architecture optimized builds like Divested Computing Group. ### Mountpoint Hardening