http://www.research.avayalabs.com/project/libsafe/
Has anyone tried libsafe? According to the documentation libsafe is a
wrapper for potentially unsafe library calls that offers buffer overflow
protection transparently for the entire system without the need to
re-compile anything. They claim that performance difference is
negligible, and there shouldn't be adverse behaviors.

(from the README)

The following unsafe functions are currently monitored by libsafe:

    strcpy(char *dest, const char *src)
        May overflow the dest buffer.
    strcat(char *dest, const char *src)
        May overflow the dest buffer.
    getwd(char *buf)
        May overflow the buf buffer.
    gets(char *s)
        May overflow the s buffer.
    [vf]scanf(const char *format, ...)
        May overflow its arguments.
    realpath(char *path, char resolved_path[])
        May overflow the path buffer.
    [v]sprintf(char *str, const char *format, ...)
        May overflow the str buffer.

I'm testing it now on several of my Red Hat 7.3 servers and things
appear to be going well. The binary RPM conveniently edits
/etc/ld.so.preload when you install it, and removes itself when you
un-install the package.

Unfortunately the .src.rpm fails to build on Red Hat 8.0 with a broken
pipe at the very end of the build process. Anyone know why this is
occurring?

Anyway, this seems like a very neat and convenient tool, but I want to
know what people think about this.

Is it really safe? Will this break anything?
Would prelink be affected?
What will this NOT protect me from?

Thanks,
Warren Togami
[EMAIL PROTECTED]
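
An added example, not part of the original post and not libsafe's own code: because the post says the RPM edits /etc/ld.so.preload on install and uninstall, this script lists the entries of such a file, checks whether a libsafe entry is present, and flags entries that point at missing files. The library file names and temporary paths are constructed samples; the parsing rules (whitespace or ':' separators, '#' comments) follow glibc's handling of the file.

```shell
#!/bin/sh
# Added example: audit an ld.so.preload-style file after a package install
# or removal. File names below are constructed samples, not from the post.

# Print one entry per line. glibc separates entries with whitespace or ':'
# and treats '#' as the start of a comment.
preload_entries() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | tr ': \t' '\n\n\n' | sed '/^$/d'
}

# Succeed if some entry's base name starts with the library name in $2.
preload_lists() {
    for entry in $(preload_entries "$1"); do
        case "${entry##*/}" in "$2"*) return 0 ;; esac
    done
    return 1
}

# Print entries that are not readable files. The dynamic linker cannot
# preload these and complains about them when programs start.
preload_dangling() {
    for entry in $(preload_entries "$1"); do
        [ -r "$entry" ] || printf '%s\n' "$entry"
    done
}

# Report on file $1 (default /etc/ld.so.preload) for library $2.
audit_preload() {
    file=${1:-/etc/ld.so.preload}
    lib=${2:-libsafe}
    if preload_lists "$file" "$lib"; then
        echo "$lib: listed in $file"
    else
        echo "$lib: not listed in $file"
    fi
    preload_dangling "$file" | sed 's/^/dangling entry: /'
}

# Demo on a constructed preload file: one present library, one missing.
dir=$(mktemp -d)
: > "$dir/libsafe.so.2"    # empty stand-in file, hypothetical name
printf '# constructed sample\n%s:%s\n' "$dir/libsafe.so.2" "$dir/libgone.so" > "$dir/preload"
audit_preload "$dir/preload" libsafe
rm -rf "$dir"
```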