format string exploit

Heiko Zuerker heiko at
Tue Aug 8 13:31:46 PDT 2006

On Tue, August 8, 2006 15:25, Robert Connolly wrote:
> On Tuesday 08 August 2006 13:27, thorsten wrote:
>> Ok, I forgot -no-pie which prevented the shell to be launched. SSP does
>>  NOT prevent the format string exploit!
> Thank you for verifying this.
> Libsafe is lgpl. Traditionally libsafe is preloaded, via
> /etc/,
> which makes it fairly easy to bypass and vulnerable to environment
> settings. I'm going to see about adding Libsafe to so it can't be
> disabled so easily. However if I remember correctly it causes a few
> Binutils tests to
> fail. Maybe there are alternative libraries to Libsafe too. It would be a
> backup to Grsecurity in case Grsecurity is misconfigured, or disabled.

Libsafe didn't get updated in a very long time and also just got deleted
from Freshmeat.
Not sure how that will affect things or if it's going to break with some
glibc update in the future (I'm not much of a programmer...)


  Heiko Zuerker

More information about the hlfs-dev mailing list