Hardened_malloc

github.com

75 points by Seirdy 3 years ago · 6 comments

dwheeler 3 years ago

I'd love to see this as easily enabled in mainstream distros like Debian. Perhaps by being incorporated into the major libraries? Memory safety problems are a huge problem and this looks like it would counter many of the heap-related ones. Thoughts?

  • SeirdyOP 3 years ago

    The devs are especially interested in a distribution of musl with hardened_malloc integrated for easy static linking.

    Until then, LD_PRELOAD is your friend (assuming you build with semantic interposition).

    • badrabbit 3 years ago

      LD_PRELOAD is my enemy! It's a glibc thing rootkits like to abuse. I know there are legit uses for it but it has no place in a hardened environment.

      How taboo is it to just patch glibc and maintain it in your own repo? Or even make it public.

jamboca 3 years ago

The GitHub mentions 8B canaries after allocated blocks. How realistic is it that canaries can be overwritten as they were allocated in an overflow attack to continue writing the payload?

  • cmeacham98 3 years ago

    The point of canaries is not that you can't overwrite them, it's that you won't know what to overwrite them with (and are forced to overwrite them, thus detecting the overflow).

    However, as someone who does this type of exploitation for fun and has a little bit of experience with heap attacks, I doubt the canaries are particularly effective at stopping exploits, and the README basically admits this as well.

  • moonchild 3 years ago

    very
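
The canary mechanism discussed in this thread, as an added example that is not part of the thread and not hardened_malloc's code: an 8-byte random value is written after each block and compared when the block is freed. The helpers `canary_malloc`, `canary_intact`, `canary_free` and `demo_write` are hypothetical, and the sketch assumes a single per-process secret layered on the stock `malloc`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CANARY_SIZE 8        /* 8-byte canary, as mentioned in the thread */
static uint64_t secret;      /* per-process random canary value (assumption) */
static int secret_ready;

/* Draw the canary from the kernel CSPRNG so it cannot be predicted. */
static void init_secret(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&secret, sizeof secret, 1, f) != 1) abort();
    fclose(f);
    secret_ready = 1;
}

/* Allocate size bytes followed by a trailing canary. */
void *canary_malloc(size_t size) {
    if (!secret_ready) init_secret();
    if (size > SIZE_MAX - CANARY_SIZE) return NULL;
    unsigned char *p = malloc(size + CANARY_SIZE);
    if (p) memcpy(p + size, &secret, CANARY_SIZE);
    return p;
}

/* Return 1 if the canary after the block is intact, 0 if it was clobbered. */
int canary_intact(const void *ptr, size_t size) {
    return memcmp((const unsigned char *)ptr + size, &secret, CANARY_SIZE) == 0;
}

/* Free the block, aborting first if an overflow reached the canary. */
void canary_free(void *ptr, size_t size) {
    if (ptr && !canary_intact(ptr, size)) abort();
    free(ptr);
}

/* Constructed scenario: write len (<= 24) bytes of 'A' into a 16-byte block. */
int demo_write(size_t len) {
    unsigned char *buf = canary_malloc(16);
    if (!buf) abort();
    memset(buf, 'A', len);           /* len > 16 runs linearly into the canary */
    int ok = canary_intact(buf, 16); /* the same check canary_free performs */
    free(buf);                       /* plain free so the demo can return */
    return ok;
}

int main(void) {
    printf("in-bounds: %d, overflow: %d\n", demo_write(16), demo_write(24));
    return 0;
}
```

The check only runs when the block is freed, so a clobbered canary is noticed at that point and not at the moment of the write.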
