As a proactive security measure, since version 2.4.5, samhain ships with dnmalloc (Dnmalloc Site), a safer allocator that isn't vulnerable to heap buffer overflows and/or double free errors. That is, with dnmalloc it's not possible to exploit such errors to run arbitrary code.
If you want to disable dnmalloc, you can do so at compile time with ./configure --disable-dnmalloc [more options].
Unsupported operating systems
The dnmalloc allocator doesn't work on: OpenBSD (problems with pthread internals), Cygwin (also pthread internals), and 64bit FreeBSD. On 64bit AIX, you need to compile as a 32bit application, or to forego dnmalloc.
Speed and memory overhead of dnmalloc:
- Speed
Dnmalloc is as fast as, or sometimes faster than, the GNU libc allocator (which is based on ptmalloc).
- Memory overhead
The actual memory overhead of dnmalloc is in the range of 20 per cent or less.
On top of that, dnmalloc allocates a huge (128MB/256MB for 32bit/64bit systems) table on startup. This is basically a non-issue, since this table is only sparsely used, and hence contributes very little to the "reserved memory", i.e. the actual resource usage of dnmalloc.
Both 'top' and 'ps' include this table in the 'virtual size' (columns VIRT/VSZ in top/ps) of an application using dnmalloc, thus giving the incorrect impression that physical swap storage would be required to back this table if it is not resident in RAM (columns RES/RSS in top/ps). In fact, since most parts of this table are never used, no physical storage (neither RAM nor swap) is ever reserved for them. Note that this is no longer true if (on Linux) you have switched off overcommitting completely (echo 2 > /proc/sys/vm/overcommit_memory).
"Reserved memory" is the amount of memory that the operating system has reserved for an application, is backed by physical resources (RAM or swap), and hence is not available for other applications. In other words, "reserved memory" is the actual resource usage of an application.
Because of deferred memory allocation, reserved memory can be less than what an application has asked for, since memory is only reserved when it is used.
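The VIRT-versus-RSS effect described above can be observed directly. The C program below is an added example and is not code from samhain or dnmalloc: it maps an anonymous 128 MB region in place of dnmalloc's table, touches a handful of pages, and reads /proc/self/statm before and after to show that the virtual size jumps by the whole table while the resident size grows only by the pages actually written. It assumes a Linux system with /proc mounted and overcommit_memory set to 0 or 1; the structure and function names (mem_snapshot, sparse_table_demo, overcommit_mode) are the example's own.

```c
/* Added example, not code from samhain or dnmalloc: demonstrates why a large,
 * sparsely used table inflates VIRT/VSZ but not RES/RSS. Linux only (reads
 * /proc/self/statm). Assumes overcommit_memory is 0 or 1; all names here are
 * the example's own. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

struct mem_snapshot {
    long vsz_bytes;   /* virtual size: VIRT in top, VSZ in ps */
    long rss_bytes;   /* resident set size: RES in top, RSS in ps */
};

/* Read "size resident" (in pages) from /proc/self/statm and convert to bytes.
 * Returns 0 on success, -1 if /proc is unavailable (non-Linux systems). */
static int read_statm(struct mem_snapshot *s)
{
    long size_pages, rss_pages;
    long page = sysconf(_SC_PAGESIZE);
    FILE *f = fopen("/proc/self/statm", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld %ld", &size_pages, &rss_pages) != 2) {
        fclose(f);
        return -1;
    }
    fclose(f);
    s->vsz_bytes = size_pages * page;
    s->rss_bytes = rss_pages * page;
    return 0;
}

struct sparse_result {
    long vsz_growth;         /* VIRT growth once the table is mapped */
    long rss_growth_mapped;  /* RSS growth right after mapping: expected near 0 */
    long rss_growth_touched; /* RSS growth after writing touch_pages pages */
};

/* Map table_bytes of anonymous memory (standing in for dnmalloc's 128MB/256MB
 * table), write to the first touch_pages pages, and record how VIRT and RSS
 * moved. Returns 0 on success, -1 on failure. */
int sparse_table_demo(size_t table_bytes, size_t touch_pages,
                      struct sparse_result *r)
{
    struct mem_snapshot before, mapped, touched;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *table;

    if (read_statm(&before) != 0)
        return -1;
    table = mmap(NULL, table_bytes, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (table == MAP_FAILED)
        return -1;  /* under overcommit_memory=2 this fails once the commit limit is hit */
    if (read_statm(&mapped) != 0) {
        munmap(table, table_bytes);
        return -1;
    }
    /* Only pages that are actually written become resident; untouched pages
     * never get RAM or swap behind them. */
    for (size_t i = 0; i < touch_pages && (i + 1) * page <= table_bytes; i++)
        table[i * page] = 1;
    if (read_statm(&touched) != 0) {
        munmap(table, table_bytes);
        return -1;
    }
    r->vsz_growth = mapped.vsz_bytes - before.vsz_bytes;
    r->rss_growth_mapped = mapped.rss_bytes - before.rss_bytes;
    r->rss_growth_touched = touched.rss_bytes - before.rss_bytes;
    munmap(table, table_bytes);
    return 0;
}

/* Current Linux overcommit mode: 0 heuristic, 1 always, 2 never (strict
 * accounting, the "echo 2" case in the text). Returns -1 if unreadable. */
int overcommit_mode(void)
{
    int mode = -1;
    FILE *f = fopen("/proc/sys/vm/overcommit_memory", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &mode) != 1)
        mode = -1;
    fclose(f);
    return mode;
}

int main(void)
{
    struct sparse_result r;
    size_t table_bytes = (size_t)128 * 1024 * 1024;   /* the 32bit table size */

    if (sparse_table_demo(table_bytes, 16, &r) != 0) {
        fprintf(stderr, "needs Linux /proc and a successful mmap\n");
        return 1;
    }
    printf("overcommit_memory = %d\n", overcommit_mode());
    printf("VIRT grew by %ld MiB after mapping the table\n",
           r.vsz_growth / (1024 * 1024));
    printf("RSS grew by %ld KiB after mapping, %ld KiB after touching 16 pages\n",
           r.rss_growth_mapped / 1024, r.rss_growth_touched / 1024);
    return 0;
}
```

Build with cc -o sparse sparse.c and run ./sparse; VIRT grows by the full 128 MiB while RSS grows by only a few pages. With overcommit_memory=2 the resident size still stays small, but the kernel charges the whole mapping against its commit limit at mmap time (visible as Committed_AS in /proc/meminfo), which is what the text's last note about switching off overcommitting refers to.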