Daniel Micay
Daniel Micay
Also worth noting: hardened_malloc has entirely separate allocators for each small (slab) allocation size class within each arena with separate locks. It has global locking for large allocations and then...
The issue at AndroidHardeningArchive/bugtracker#451 is about using the existing infrastructure for fingerprint unlock as a secondary unlock mechanism to add support for having a PIN as a secondary unlock mechanism....
By the way, https://github.com/GrapheneOS/os_issue_tracker/issues/28 is the new issue about implementing a replacement as a proper secondary unlock mechanism for FBE. I'd really recommend that anyone interested in this kind of...
Going to need to come up with a way of quantifying the possible security from this feature as part of choosing a design approach. It hasn't yet been implemented because...
The delay is measured in terms of deallocation cycles (for the future slab allocation quarantine), or in this case number of free slabs. There's the concept of a partial slab...
This is the existing quarantine for large allocations, which are memory mappings with randomly sized guard regions: https://github.com/AndroidHardening/hardened_malloc/blob/3db3e167ede6a9bd035f9145b5cb817954e150dd/malloc.c#L551-L584. It uses a randomized array and a ring buffer as a queue....
Another example of a deterministic mitigation is reserving a tag value for freed memory and setting it on free. The slab allocator can also store the previous random tag in...
@jvoisin No, doesn't appear they did. They added software tagging based on TBI (Top Byte Ignore) which doesn't have checks for temporal or bounds issues in the code using it....
Not sure there's much point in this, but it's nice to have a historical issue filed about it.
This is a hard problem, and I'm not sure how much is really worth doing or if it's worth trying to do more than making it no worse than doing...