|
ru.nethack
- RU.NETHACK -------------------------------------------------------------------
From : Vladislav Myasnyankin 2:5080/101.8 21 May 2000 01:24:25
To : All
Subject : Кто чего скажет ?
--------------------------------------------------------------------------------
Hу что, господа любители срыва стека ? Выскажитесь по поводу:
======================= cut =======================
Introduction
The libsafe library protects a process against the exploitation of buffer
overflow vulnerabilities in process stacks. Libsafe works with any existing
pre-compiled executable and can be used transparently, even on a system-wide
basis. The method intercepts all calls to library functions that are known
to be vulnerable. A substitute version of the corresponding function
implements the original functionality, but in a manner that ensures that any
buffer overflows are contained within the current stack frame. Libsafe has
been shown to detect several known attacks and can potentially prevent yet
unknown attacks. Experiments indicate that the performance overhead of
libsafe is negligible.
The following unsafe functions are currently monitored by libsafe:
strcpy(char *dest, const char *src)
May overflow the dest buffer.
strcat(char *dest, const char *src)
May overflow the dest buffer.
getwd(char *buf)
May overflow the buf buffer.
gets(char *s)
May overflow the s buffer.
[vf]scanf(const char *format, ...)
May overflow its arguments.
realpath(char *path, char resolved_path[])
May overflow the path buffer.
[v]sprintf(char *str, const char *format, ...)
May overflow the str buffer.
Where to get libsafe
The source code for libsafe can be found at
http://www.bell-labs.com/org/11356/libsafe.html.
============================ end ==========================
--
Hasta luego !
/Vlad.
http://www.geocities.com/Yosemite/Forest/6118
--- ifmail v.2.14-tx8.9
* Origin: Free Walking Wild Cat (2:5080/101.8@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
