"Fossies" - the Fresh Open Source Software Archive 
Member "libsafe-2.0-16/README" (30 May 2002, 3286 Bytes) of package /linux/misc/old/libsafe-2.0-16.tgz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
1 // $Name: release2_0-16 $
2 // $Id: README,v 1.11 2002/05/30 14:13:04 ttsai Exp $
3 //
4 // Copyright (C) 2002 Avaya Labs, Avaya Inc.
5 // Copyright (C) 1999 Bell Labs, Lucent Technologies.
6 // Copyright (C) Arash Baratloo, Timothy Tsai, and Navjot Singh.
7 //
8 // This file is part of the Libsafe library.
9 // Libsafe version 2.x: protecting against stack smashing attacks.
10 //
11 // This library is free software; you can redistribute it and/or
12 // modify it under the terms of the GNU Lesser General Public
13 // License as published by the Free Software Foundation; either
14 // version 2.1 of the License, or (at your option) any later version.
15 //
16 // This library is distributed in the hope that it will be useful,
17 // but WITHOUT ANY WARRANTY; without even the implied warranty of
18 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 // Lesser General Public License for more details.
20 //
21 // You should have received a copy of the GNU Lesser General Public
22 // License along with this library; if not, write to the Free Software
23 // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 //
25 // For more information,
26 // visit http://www.research.avayalabs.com/project/libsafe/index.html
27 // or email libsafe@research.avayalabs.com
28
29 The libsafe-1.3 library protects a process against the exploitation of buffer
30 overflow vulnerabilities in process stacks. Libsafe-2.0 adds the capability of
31 protecting against format string exploits. [See Note 1.] Libsafe works with
32 any existing pre-compiled executable and can be used transparently, even on a
33 system-wide basis. The method intercepts all calls to library functions that
34 are known to be vulnerable. A substitute version of the corresponding function
35 implements the original functionality, but in a manner that ensures that any
36 buffer overflows are contained within the current stack frame. Libsafe has
37 been shown to detect several known attacks and can potentially prevent yet
38 unknown attacks. Experiments indicate that the performance overhead of libsafe
39 is negligible.
40
41 The following unsafe functions are currently monitored by libsafe:
42
43 strcpy(char *dest, const char *src)
44 May overflow the dest buffer.
45
46 strcat(char *dest, const char *src)
47 May overflow the dest buffer.
48
49 getwd(char *buf)
50 May overflow the buf buffer.
51
52 gets(char *s)
53 May overflow the s buffer.
54
55 [vf]scanf(const char *format, ...)
56 May overflow its arguments.
57
58 realpath(char *path, char resolved_path[])
59 May overflow the path buffer.
60
61 [v]sprintf(char *str, const char *format, ...)
62 May overflow the str buffer.
63
64
65
66 For more information see libsafe/doc/libsafe.8.html.
67
68 --------------------------------------------------
69 Note 1: Tim Robbins has created an alternative solution to detecting format
70 string attacks. Tim's solution is called libformat. Both libformat and
71 libsafe use function interception via shared libraries to sanity check function
72 arguments, but the particular methods for checking arguments differ. See
73 http://box3n.gumbynet.org/~fyre/software/libformat.php3 for more information.