Re: protection against buffer overflows
hi ya vincent
> I'm working on buffer overflows these days, and more precisely the possible
> methods to avoid them.
> It seems that the most used tools to prevent exploits based on buffer
> overflows are Libsafe, OpenWall, StackGuard... and maybe Saint Jude.
>
> Has anyone any interesting comments about theses methods ?
>
just a quickie comment...
libsafe seems to work across the board on most major linux distro
and takes 5 minutes to do it all
http://www.Linux-Sec.net/harden/libsafe.uhow2.txt
openwall works only w/ 2.2.x kernels unless they've released 2.4.x stuff
stackguard was beyond my scope of "patience"...
( part of immunix ?? )
- and it modifies gcc which i didnt like it doing...
- sometimes compiling sources already fails with generic
environments so didnt want to deal with a modified gcc
other kernel patches/methodologies
http://www.Linux-Sec.net/Harden/kernel.gwif.html
thanx
alvin
Reply to: