Harden Tails by disabling tcache
The glibc tcache is an infamously insecure optimization that was added a few years ago. We can disable this by setting and exporting the following environment variable:
GLIBC_TUNABLES='glibc.malloc.tcache_count=0'
This uses glibc tunables, which are designed as a way for distros to tweak the functionality of the libc without having to recompile it. Performance may be slightly reduced in heavily-threaded applications, but it should not be noticeable. No impact on functionality or compatibility.
https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
Edited by cypher punks
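An added example, not part of the original issue: GLIBC_TUNABLES holds a colon-separated list of name=value pairs, so assigning it outright discards any tunables already configured. The sketch below merges the tcache setting into an existing value and checks a NUL-separated environment dump (such as /proc/PID/environ) for it; the function names `merge_tunable` and `environ_disables_tcache` are hypothetical.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from Tails or glibc.

# merge_tunable NAME=VALUE [CURRENT]
# Print a GLIBC_TUNABLES string with NAME set to VALUE, keeping every other
# tunable found in CURRENT (default: the present value of GLIBC_TUNABLES).
merge_tunable() {
    new=$1
    current=${2-${GLIBC_TUNABLES-}}
    name=${new%%=*}
    out=
    old_ifs=$IFS
    IFS=:          # tunables are separated by colons
    set -f         # no globbing while splitting
    for item in $current; do
        case $item in
            "") ;;                          # skip empty fields
            "$name"=*) ;;                   # drop an older setting of NAME
            *) out=${out:+$out:}$item ;;    # keep unrelated tunables
        esac
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "${out:+$out:}$new"
}

# environ_disables_tcache FILE
# Succeed if FILE (NUL-separated, e.g. /proc/PID/environ) contains a
# GLIBC_TUNABLES entry with glibc.malloc.tcache_count set to exactly 0.
environ_disables_tcache() {
    [ -r "$1" ] || return 2
    tr '\0' '\n' < "$1" |
        grep -Eq '^GLIBC_TUNABLES=(.*:)?glibc\.malloc\.tcache_count=0(:.*)?$'
}

# Set and export the variable, as the issue proposes, without clobbering
# tunables that are already present in the environment.
GLIBC_TUNABLES=$(merge_tunable glibc.malloc.tcache_count=0)
export GLIBC_TUNABLES
```

/proc/PID/environ shows the environment a process was started with, so the check is meaningful for processes launched after the variable was exported.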