On Tuesday 08 August 2006 16:31, Heiko Zuerker wrote:
> Libsafe didn't get updated in a very long time and also just got deleted
> from Freshmeat.
> Not sure how that will affect things or if it's going to break with some
> glibc update in the future (I'm not much of a programmer...)

It looks like it's still supported, but the URLs have changed:

http://pubs.research.avayalabs.com/src/libsafe-2.0-16.tgz
http://www.research.avayalabs.com/gcm/usa/en-us/initiatives/all/nsr.htm&Filter=ProjectTitle:Libsafe&Wrapper=LabsProjectDetails&View=LabsProjectDetails

I'm guessing that a new version has not been released in four years because avayalabs decided to stop adding features, because no bugs have been found in it (I haven't found any patches for Libsafe), and because stackguard and stack smashing protector do better jobs at detecting stack smashing attacks.

Rather than preloading Libsafe or adding it to libc.so, it could also simply be linked to via the gcc specs. This would allow disabling it during some testsuites. I don't think ld.so allows preloading libraries for suid programs, or it shouldn't. So preloading isn't a great option except for binary-only applications.

The 2.0 release of Libsafe added protection against format string exploits. The only other _library_ available to protect against format string exploits is Formatguard, from Immunix. I found the Immunix Glibc patch for Formatguard, but it's integrated with the stackguard patch, and it's for glibc-2.2. I might be able to separate them; it's fairly obvious which parts belong to which feature. Immunix reports less than 2% performance penalty from Formatguard. This patch is 5 years old but still supported.

http://distro.ibiblio.org/pub/linux/distributions/immunix/7.0/i386/SRPMS/glibc-2.2-12_imnx_7.src.rpm

Formatguard, Stackguard, and Libsafe do some of the same things, but they do it in different ways. I find Immunix/Wirex opinions very hard to swallow; they have always had a flaming conflict of interest. Stackguard vs SSP is another topic; however, it does look like Formatguard does a better job than Libsafe.

It's curious that no other distributions use Libsafe or Formatguard.

robert
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
