format string exploit

Heiko Zuerker heiko at zuerker.org
Tue Aug 8 13:31:46 PDT 2006


On Tue, August 8, 2006 15:25, Robert Connolly wrote:
> On Tuesday 08 August 2006 13:27, thorsten wrote:
>
>> Ok, I forgot -no-pie which prevented the shell to be launched. SSP does
>>  NOT prevent the format string exploit!
>>
>
> Thank you for verifying this.
>
>
> Libsafe is lgpl. Traditionally libsafe is preloaded, via
> /etc/ld.so.preload,
> which makes it fairly easy to bypass and vulnerable to environment
> settings. I'm going to see about adding Libsafe to libc.so so it can't be
> disabled so easily. However if I remember correctly it causes a few
> Binutils tests to
> fail. Maybe there are alternative libraries to Libsafe too. It would be a
> backup to Grsecurity in case Grsecurity is misconfigured, or disabled.

Libsafe didn't get updated in a very long time and also just got deleted
from Freshmeat.
Not sure how that will affect things or if it's going to break with some
glibc update in the future (I'm not much of a programmer...)

-- 

Regards
  Heiko Zuerker
  http://www.devil-linux.org





More information about the hlfs-dev mailing list