[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

http://www.avayalabs.com/project/libsafe/index.html





Hey, has anyone had any experience with "libsafe" or any other libraries or
utilities to limit buffer overflows in Linux?  It looks pretty interesing.
Basically, you install this library, and it intercepts calls to functions in
glibc with versions that check for buffer overflows and such.  Here is a
quote from the web page:  

"Our solution is based on a middleware software layer that intercepts all
function calls made to library functions that are known to be vulnerable. A
substitute version of the corresponding function implements the original
functionality, but in a manner that ensures that any buffer overflows are
contained within the current stack frame, thus, preventing attackers from
'smashing' (overwriting) the return address and hijacking the control flow
of a running program. We have implemented our solution on Linux as a
dynamically loadable library called libsafe. Libsafe has demonstrated its
ability to detect and prevent several known attacks, but its real benefit,
we believe, is its ability to prevent yet unknown attacks. Experiments
indicate that the performance overhead of libsafe is negligible. "


http://www.avayalabs.com/project/libsafe/index.html

Evidently, it does not support programs compiled with older versions of
libc:

"Libsafe does not support programs linked with libc5. If you find that a
process protected by libsafe experienced a segmentation fault, use the ldd
utility to determine if the process is linked with libc5. If that is the
case, then you will either need to recompile/relink the application with
libc6 (i.e., glibc) or to download a newer version that has been linked with
libc6. From our experience, most applications are offered with a libc6
version. "

I was just wondering if anyone had tried anything like this.

Thanks,

Randy
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.