format string exploit

Robert Connolly robert at
Tue Aug 8 13:25:48 PDT 2006

On Tuesday 08 August 2006 13:27, thorsten wrote:
> Ok, I forgot -no-pie which prevented the shell to be launched. SSP does
> NOT prevent the format string exploit!

Thank you for verifying this.

Libsafe is lgpl. Traditionally libsafe is preloaded, via /etc/, 
which makes it fairly easy to bypass and vulnerable to environment settings. 
I'm going to see about adding Libsafe to so it can't be disabled so 
easily. However if I remember correctly it causes a few Binutils tests to 
fail. Maybe there are alternative libraries to Libsafe too. It would be a 
backup to Grsecurity in case Grsecurity is misconfigured, or disabled. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the hlfs-dev mailing list