Jump to letter: [
ABCDEFGHIJKLMNOPQRSTUVWXYZ
]
libsafe: Libsafe: Protecting Critical Elements of Stacks
- Summary
- The libsafe library protects a process against the exploitation of buffer
overflow vulnerabilities in process stacks. Libsafe works with any
existing pre-compiled executable and can be used transparently, even on a
system-wide basis. The method intercepts all calls to library functions
that are known to be vulnerable. A substitute version of the corresponding
function implements the original functionality, but in a manner that
ensures that any buffer overflows are contained within the current stack
frame. Libsafe has been shown to detect several known attacks and can
potentially prevent yet unknown attacks. Experiments indicate that the
performance overhead of libsafe is negligible.
If libsafe is compiled on a system with libprelude installed, libsafe will
additionally emit a stack overflow alert to the Prelude Manager. For more
information about the Prelude Hybrid IDS, please see http://www.prelude-ids.org
(Fedora libsafe is not compiled with libprelude. Talk to fedora-devel if you
really want this to become default.)
Be aware that any RPMS built while libsafe is installed will require libsafe
in order to install because of RPM's autodeps. You are encouraged to use a
chroot for RPM builds rather than a libsafe protected system.
Changelog
- * Mon Apr 14 13:00:00 2003 Warren Togami <warren{%}togami{*}com> 2.0-16.fdr.1
- Initial Fedora release, converted from 2.0-16 upstream