format string exploit

Robert Connolly robert at linuxfromscratch.org
Tue Aug 8 22:28:41 PDT 2006


On Tuesday 08 August 2006 16:31, Heiko Zuerker wrote:
> Libsafe didn't get updated in a very long time and also just got deleted
> from Freshmeat.
> Not sure how that will affect things or if it's going to break with some
> glibc update in the future (I'm not much of a programmer...)

It looks like it's still supported, but the URLs have changed:

http://pubs.research.avayalabs.com/src/libsafe-2.0-16.tgz
http://www.research.avayalabs.com/gcm/usa/en-us/initiatives/all/nsr.htm&Filter=ProjectTitle:Libsafe&Wrapper=LabsProjectDetails&View=LabsProjectDetails

I'm guessing that a new version has not been released in four years because 
avayalabs decided to stop adding features, because no bugs have been found in 
it (I haven't found any patches for Libsafe), and because stackguard and 
stack smashing protector do better jobs at detecting stack smashing attacks. 

Rather than preloading Libsafe or adding it to libc.so, it could also simply 
be linked to via the gcc specs. This would allow disabling it during some 
testsuites. I don't think ld.so allows preloading libraries for suid 
programs, or it shouldn't. So preloading isn't a great option except for 
binary-only applications.

The 2.0 release of Libsafe added protection against format string exploits. 
The only other _library_ available to protect against format string exploits 
is Formatguard, from Immunix. I found the Immunix Glibc patch for 
Formatguard, but it's integrated with the stackguard patch, and it's for 
glibc-2.2. I might be able to separate them; it's fairly obvious which parts 
belong to which feature. Immunix reports less than 2% performance penalty 
from Formatguard. This patch is 5 years old but still supported.

http://distro.ibiblio.org/pub/linux/distributions/immunix/7.0/i386/SRPMS/glibc-2.2-12_imnx_7.src.rpm

Formatguard, Stackguard, and Libsafe do some of the same things, but they do 
it in different ways. I find Immunix/Wirex opinions very hard to swallow; 
they have always had a flaming conflict of interest. Stackguard vs SSP is 
another topic, however it does look like Formatguard does a better job than 
Libsafe.

It's curious that no other distributions use Libsafe or Formatguard.

robert
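The argument-count check the message attributes to Formatguard, as an added C illustration that is not the Immunix or Libsafe code: a wrapper counts the `%` directives in the format string, a preprocessor macro counts the arguments the caller actually passed, and the call is refused when they disagree. `count_directives`, `guarded_printf`, `NARGS` and `PRINTF` are hypothetical names; the directive counter is deliberately simple and ignores `*` widths and positional `%1$s` forms.

```c
#include <stdio.h>
#include <stdarg.h>

/* Count conversion directives in fmt, treating "%%" as a literal percent.
 * Toy counter: it ignores '*' widths and positional "%1$s" forms, which a
 * production check would also have to account for. */
static int count_directives(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is not a directive */
        n++;
    }
    return n;
}

/* Checked printf: refuses when the directive count and the number of
 * arguments the caller passed disagree. Returns printf's result, or -1. */
static int guarded_printf(int nargs, const char *fmt, ...)
{
    if (count_directives(fmt) != nargs)
        return -1;   /* mismatch: the format asks for values it was not given */
    va_list ap;
    va_start(ap, fmt);
    int rc = vprintf(fmt, ap);
    va_end(ap);
    return rc;
}

/* Count the arguments at compile time (fmt plus up to eight more); this is
 * the preprocessor argument-counting idea Formatguard is built on. */
#define NARGS_SEQ(_1,_2,_3,_4,_5,_6,_7,_8,_9,N,...) N
#define NARGS(...) NARGS_SEQ(__VA_ARGS__, 9,8,7,6,5,4,3,2,1)
#define PRINTF(...) guarded_printf(NARGS(__VA_ARGS__) - 1, __VA_ARGS__)

/* Correct use: one directive, one argument. */
static int demo_safe(const char *user)
{
    return PRINTF("%s\n", user);
}

/* The bug the thread is about: a user string used as the format itself.
 * A plain printf(user) would honour every directive; this wrapper refuses. */
static int demo_user_as_format(const char *user)
{
    return PRINTF(user);
}
```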