Главная страница


 - RU.NETHACK -------------------------------------------------------------------
 From : bella@pci.poltava.ua                 2:5020/400     22 May 2000  09:34:42
 To : All
 Subject : Re: Кто чего скажет ?
 Vladislav Myasnyankin <Vladislav.Myasnyankin@p8.f101.n5080.z2.fidonet.org>
 VM>Hola, All !
 VM>Hу что, господа любители срыва стека ? Выскажитесь по поводу:
 VM>======================= cut =======================
 VM> Introduction
 VM> The libsafe library protects a process against the exploitation of buffer
 VM> overflow vulnerabilities in process stacks. Libsafe works with any existing
 VM> pre-compiled executable and can be used transparently, even on a system-wide
 VM> basis. The method intercepts all calls to library functions that are known
 VM> to be vulnerable. A substitute version of the corresponding function
 VM> implements the original functionality, but in a manner that ensures that any
 VM> buffer overflows are contained within the current stack frame. Libsafe has
 VM> been shown to detect several known attacks and can potentially prevent yet
 VM> unknown attacks. Experiments indicate that the performance overhead of
 VM> libsafe is negligible.
 VM> The following unsafe functions are currently monitored by libsafe:
 VM> strcpy(char *dest, const char *src)
 VM> May overflow the dest buffer.
 VM> strcat(char *dest, const char *src)
 VM> May overflow the dest buffer.
 VM> getwd(char *buf)
 VM> May overflow the buf buffer.
 VM> gets(char *s)
 VM> May overflow the s buffer.
 VM> [vf]scanf(const char *format, ...)
 VM> May overflow its arguments.
 VM> realpath(char *path, char resolved_path[])
 VM> May overflow the path buffer.
 VM> [v]sprintf(char *str, const char *format, ...)
 VM> May overflow the str buffer.
 VM> Where to get libsafe
 VM> The source code for libsafe can be found at
 VM> http://www.bell-labs.com/org/11356/libsafe.html.
 VM>============================ end ==========================
 А про memcpy и компанию они забыли... Патч от SolarDesigner'а походу лучше...
 Единственное преимущество, что _эту_ фичу перекомпилять не надо.
 Lan Administrator
 E-mail: bella@pci.poltava.ua
 Phone: +380 5322 21535
 Member of WaZeLin Trio Team
 --- ifmail v.2.15dev5
  * Origin: Solver Ltd. site #2 (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты  уменьшение даты  тема  автор 

 Тема:    Автор:    Дата:  
 Re: Кто чего скажет ?   bella@pci.poltava.ua   22 May 2000 09:34:42 
Архивное /ru.nethack/15014b8bd0a26.html, оценка 1 из 5, голосов 10
Valid HTML 4.01 Transitional