On Monday 04 October 2004 13:14, Anders Johansson wrote:
On Monday, 4 October 2004 11.34, peter Nikolic wrote:
Ever heard of Libsafe .. ?....
worth investigating I don't get problems from buffer overflow attacks thanks to Libsafe it can them before they can cause mischief ..
Note that libsafe won't catch everything. Specifically, it won't catch buffers used in internal functions, only those used by a few select glibc functions, like strcpy and the like. And even those won't even get looked at if the program is compiled with -fomit-frame-pointer (at least the version I looked at).
Just wanted to make sure you weren't labouring under a false sense of security :)
The only truly complete way to be safe from attacks is to make sure the programs don't have bugs.
The work done by the OpenBSD (http://www.openbsd.org) project on all this is interesting and probably a valuable lesson too - only I'm far too ignorant to interpret said lesson for people here. Their great labours in code auditing have apparently borne much fruit in terms of getting rid of bugs, exploitable and potential, and their big code cleanups often mean that their versions of standard progs are often already fixed when new exploits appear affecting other *nixes.

And they are now building as much as possible with ProPolice / SSP (http://en.wikipedia.org/wiki/ProPolice), and Gentoo are involved as well. Interesting to see if the security gains will convince the big distros to do any of the heavy work needed to incorporate these safeguards. I expect the law of diminishing returns may mean not.

Cheers
Fergus

--
Fergus Wilde
Chetham's Library
Long Millgate
Manchester M3 1SB
Tel: 0161 834 7961
Fax: 0161 839 5797
http://www.chethams.org.uk
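The coverage gap described in the quoted note about internal functions, as an added example that is not from the thread or from Libsafe itself: a guard placed on the library copy call sees only copies that go through that call, while a hand-written loop has to carry its own bounds check. `guarded_strcpy`, `store_name_libc`, `store_name_loop` and `guard_calls` are hypothetical names, and the guard takes its limit from the caller rather than from the stack frame.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an interposed strcpy (hypothetical model, not Libsafe code):
   counts how often it is reached and refuses copies that would not fit. */
static int wrapper_calls = 0;

static int guarded_strcpy(char *dst, size_t limit, const char *src)
{
    wrapper_calls++;
    if (strlen(src) >= limit)
        return -1;                 /* would overflow dst: refuse */
    strcpy(dst, src);
    return 0;
}

int guard_calls(void) { return wrapper_calls; }

/* Path A: the copy goes through the library call, so the guard sees it. */
int store_name_libc(char *dst, size_t dstsz, const char *src)
{
    return guarded_strcpy(dst, dstsz, src);
}

/* Path B: a hand-written loop of the kind found in internal functions.
   No library call is made, so an interposer has nothing to hook; the
   bound must be enforced here, in the program's own code. */
int store_name_loop(char *dst, size_t dstsz, const char *src)
{
    size_t i;
    if (dstsz == 0)
        return -1;
    for (i = 0; src[i] != '\0'; i++) {
        if (i + 1 >= dstsz) {      /* no room left for the terminator */
            dst[0] = '\0';
            return -1;
        }
        dst[i] = src[i];
    }
    dst[i] = '\0';
    return 0;
}

int main(void)
{
    char buf[8];
    const char *too_long = "AAAAAAAAAAAAAAAA";   /* constructed sample input */
    printf("libc path: %d\n", store_name_libc(buf, sizeof buf, too_long));
    printf("loop path: %d\n", store_name_loop(buf, sizeof buf, too_long));
    printf("guard reached %d time(s)\n", guard_calls());
    return 0;
}
```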