Security: Libsafe

[Mark Donnelly]

Hey all:

I was just browsing through linux.com and found an 
article about libsafe.  This is a library that Bell 
Labs just released (LGPL) to detect and stop buffer 
overflow attacks.

If you put it on your LD_PRELOAD, its functions will be 
used in place of strcpy, strcat, getwd, gets, [vf]
scanf, realpath, and [v]sprintf.  

Its behavior on detecting a buffer overflow is to kill 
the application and its process group (SIGKILL), and to 
log an error message to /var/log/security.

Personally, I would prefer it to at least have the 
option to silently perform the function up to the point 
of the buffer overrun and return, rather than killing 
the process.  I don't sit on my box enough to justify 
the possibility of just outright killing sendmail.  :(

But, I'm sure you could set up apache to set the 
LD_PRELOAD environment variable when spawning a CGI, so 
obviously there's still plenty of use.

Anyway, I just thought that I would let you know.
--Mark
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).