Security: Libsafe
Kevin P. Lawton
kevin at mandrakesoft.com
Fri Apr 21 12:42:40 EDT 2000
Here's a forward of a reaction to your posting I sent
to an internal Mandrake list:
> > I was just browsing through linux.com and found an
> > article about libsafe. This is a library that Bell
> > Labs just released (LGPL) to detect and stop buffer
> > overflow attacks.
> >
> > If you put it on your LD_PRELOAD, its functions will be
> > used in place of strcpy, strcat, getwd, gets, [vf]
> > scanf, realpath, and [v]sprintf.
> >
> > Its behavior on detecting a buffer overflow is to kill
> > the application and its process group (SIGKILL), and to
> > log an error message to /var/log/security.
> >
> > Personally, I would prefer it to at least have the
> > option to silently perform the function up to the point
> > of the buffer overrun and return, rather than killing
> > the process.
This could lead to intrusion and log deletion.
> > I don't sit on my box enough to justify
> > the possibility of just outright killing sendmail. :(
Eyh, don't be afraid, we just kill the children, not
the parent.
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list