On Mon, 2022-09-05 at 22:45 -0400, Daniel Micay via devel wrote:
> The comparison is being done incorrectly. Since hardened_malloc builds
> both a lightweight and heavyweight library by default, and since I
> already explained this and that the lightweight library still has
> optional security features enabled, it doesn't seem to have been done in
> good faith. My previous posts where I provided both concise and detailed
> information explaining differences and the approach were ignored. Why is
> that?

I agree. I decided to do a more fair test myself (I'm quite interested
in hardened_malloc). First, I downloaded the source RPM for my current
kernel:
dnf download --source kernel-5.19.6-200.fc36.x86_64
Then made both heavy and light variants:
sysctl -p /etc/sysctl.d/hardened_malloc.conf
make VARIANT=light
Set up the chroot:
mock -r fedora-36-x86_64 --init
Create our SRPM:
mock -r fedora-36-x86_64 --buildsrpm --spec kernel.spec --sources $PWD --resultdir $PWD
Now do the compilations:
cp out-light/libhardened_malloc.so .
./preload.sh /usr/bin/time mock -r fedora-36-x86_64 --rebuild kernel-5.19.6-200.fc36.src.rpm >light.out 2>&1
/usr/bin/time mock -r fedora-36-x86_64 --rebuild kernel-5.19.6-200.fc36.src.rpm >no_preload.out 2>&1