author | Robert Scott <code@humanleg.org.uk> | 2019-04-07 22:05:22 +0100 |
---|---|---|
committer | Robert Scott <code@humanleg.org.uk> | 2019-04-16 23:38:24 +0100 |
commit | 16987b936fb4bd25fdd5bfcd606137ba0f1c1ed4 (patch) | |
tree | d4918994e82232182e60bee896c70ad0231a31fb /pkgs/development/libraries/graphene-hardened-malloc | |
parent | c382b03b015a99d7c306233fd1b85cd3c9545d08 (diff) |
graphene-hardened-malloc: init at 190405.003.2019.04.01.19
Diffstat (limited to 'pkgs/development/libraries/graphene-hardened-malloc')
-rw-r--r-- | pkgs/development/libraries/graphene-hardened-malloc/default.nix | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/pkgs/development/libraries/graphene-hardened-malloc/default.nix b/pkgs/development/libraries/graphene-hardened-malloc/default.nix
new file mode 100644
index 000000000000..0aae8ca49453
--- /dev/null
+++ b/pkgs/development/libraries/graphene-hardened-malloc/default.nix
@@ -0,0 +1,55 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ name = "graphene-hardened-malloc-${version}";
+ version = "190405.003.2019.04.01.19";
+
+ src = fetchurl {
+ url = "https://github.com/GrapheneOS/hardened_malloc/archive/PQ2A.${version}.tar.gz";
+ sha256 = "1qczmajy3q07jd236dmal4iq5xxcsrkyw26gc9r4vs4wj4m42d11";
+ };
+
+ installPhase = ''
+ install -Dm444 -t $out/lib libhardened_malloc.so
+
+ mkdir -p $out/bin
+ substitute preload.sh $out/bin/preload-hardened-malloc --replace "\$dir" $out/lib
+ chmod 0555 $out/bin/preload-hardened-malloc
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ pushd test
+ make
+ $out/bin/preload-hardened-malloc ./offset
+
+ pushd simple-memory-corruption
+ make
+
+ # these tests don't actually appear to generate overflows currently
+ rm read_after_free_small string_overflow
+
+ for t in `find . -regex ".*/[a-z_]+"` ; do
+ echo "Running $t..."
+ # the program being aborted (as it should be) would result in an exit code > 128
+ (($out/bin/preload-hardened-malloc $t) && false) \
+ || (test $? -gt 128 || (echo "$t was not aborted" && false))
+ done
+ popd
+
+ popd
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/GrapheneOS/hardened_malloc;
+ description = "Hardened allocator designed for modern systems";
+ longDescription = ''
+ This is a security-focused general purpose memory allocator providing the malloc API
+ along with various extensions. It provides substantial hardening against heap
+ corruption vulnerabilities yet aims to provide decent overall performance.
+ '';
+ license = licenses.mit;
+ maintainers = with maintainers; [ ris ];
+ platforms = platforms.linux;
+ };
+}
|
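Review bot: The loop in installCheckPhase treats any exit status above 128 as proof that the allocator aborted the program, so it passes on any signal death, whichever allocator actually served the process. A failed LD_PRELOAD is not fatal to the dynamic loader, so if the `--replace "\$dir" $out/lib` substitution ever stops matching (preload.sh is not visible here, so this is inferred), the wrapper could run programs unhardened while some of these corruption tests still crash and count as passes. I would add a positive check before the tests, for example `grep -qF "$out/lib" $out/bin/preload-hardened-malloc`, so that a no-op substitution fails the build. The comment above `rm read_after_free_small string_overflow` could also say that these two cases are excluded from the check rather than fixed, so the coverage gap stays visible.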