http://www.research.avayalabs.com/project/libsafe/

Has anyone tried libsafe? According to the documentation, libsafe is a wrapper for potentially unsafe library calls that offers buffer overflow protection transparently for the entire system without the need to re-compile anything. They claim that performance difference is negligible, and there shouldn't be adverse behaviors.

(from the README)
The following unsafe functions are currently monitored by libsafe:

    strcpy(char *dest, const char *src)
        May overflow the dest buffer.
    strcat(char *dest, const char *src)
        May overflow the dest buffer.
    getwd(char *buf)
        May overflow the buf buffer.
    gets(char *s)
        May overflow the s buffer.
    [vf]scanf(const char *format, ...)
        May overflow its arguments.
    realpath(char *path, char resolved_path[])
        May overflow the path buffer.
    [v]sprintf(char *str, const char *format, ...)
        May overflow the str buffer.

I'm testing it now on several of my Red Hat 7.3 servers and things appear to be going well. The binary RPM conveniently edits /etc/ld.so.preload when you install it, and removes itself when you un-install the package.

Unfortunately the .src.rpm fails to build on Red Hat 8.0 with a broken pipe at the very end of the build process. Anyone know why this is occurring?

Anyway, this seems like a very neat and convenient tool, but I want to know what people think about this. Is it really safe? Will this break anything? Would prelink be affected? What will this NOT protect me from?

Thanks,
Warren Togami
[EMAIL PROTECTED]
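
An added illustration, not part of the original post and not libsafe's own code: a bound check of the kind a wrapper around the README's strcpy and strcat entries can make before it copies. The destination size is passed explicitly as `cap` (an assumption of this example), and the names `checked_strcpy`, `checked_strcat` and `bounded_len` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length of s, reading at most max bytes (so the check itself is bounded). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* strcpy with a bound check; cap (hypothetical parameter) is dest's size.
 * Returns 0 after copying, -1 (dest untouched) if src plus its NUL won't fit. */
int checked_strcpy(char *dest, size_t cap, const char *src)
{
    size_t n;
    if (dest == NULL || src == NULL || cap == 0)
        return -1;
    n = bounded_len(src, cap);
    if (n == cap)               /* no room for the terminating NUL */
        return -1;
    memcpy(dest, src, n + 1);
    return 0;
}

/* strcat with the same check against the space left after dest's contents. */
int checked_strcat(char *dest, size_t cap, const char *src)
{
    size_t used, n;
    if (dest == NULL || src == NULL || cap == 0)
        return -1;
    used = bounded_len(dest, cap);
    if (used == cap)            /* dest is not terminated inside its buffer */
        return -1;
    n = bounded_len(src, cap - used);
    if (n == cap - used)
        return -1;
    memcpy(dest + used, src, n + 1);
    return 0;
}

int main(void)
{
    char buf[8] = "";           /* constructed sample buffer */
    printf("%d\n", checked_strcpy(buf, sizeof buf, "abc"));        /* fits */
    printf("%d\n", checked_strcat(buf, sizeof buf, "defghijk"));   /* refused */
    return 0;
}
```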