nixos/malloc: add scudo from LLVM compiler-rt

author: Pierre Bourdon <delroth@gmail.com> 2019-05-30 02:16:45 +0900
committer: Pierre Bourdon <delroth@gmail.com> 2019-05-30 02:35:50 +0900
commit: 1cc8ea7cb4e4d5a9fa94869a2998ed17ec7bb9db (patch)
tree: bdf8571d832428b6a7d856cf505fa7b26646aa5f /nixos
parent: 60b59c34a868f5e835e8af187b961ed328dd23e9 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/nixos/modules/config/malloc.nix b/nixos/modules/config/malloc.nix
index 5fca39aa2e2a7..bc51b9fc573a8 100644
--- a/nixos/modules/config/malloc.nix
+++ b/nixos/modules/config/malloc.nix
@@ -21,6 +21,15 @@ let
         and scalable concurrency support.
       '';
     };
+
+    "scudo" = {
+      libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
+      description = ''
+        A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
+        which aims at providing additional mitigations against heap based
+        vulnerabilities, while maintaining good performance.
+      '';
+    };
   };
 
   providerConf = providers."${cfg.provider}";
author	Pierre Bourdon <delroth@gmail.com>	2019-05-30 02:16:45 +0900
committer	Pierre Bourdon <delroth@gmail.com>	2019-05-30 02:35:50 +0900
commit	1cc8ea7cb4e4d5a9fa94869a2998ed17ec7bb9db (patch)
tree	bdf8571d832428b6a7d856cf505fa7b26646aa5f /nixos
parent	60b59c34a868f5e835e8af187b961ed328dd23e9 (diff)