libsafe: Detection and protection against stack smashing attacks1

The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible.

... part of T2, get it here

URL: http://www.bell-labs.com/org/11356/libsafe.html

Author: Arash Baratloo, Timothy Tsai, and Navjot Singh
Maintainer: Rene Rebe <rene [at] t2-project [dot] org>

License: GPL
Status: Stable
Version: 2.0-16

Remark: Does cross compile (as setup and patched in T2).

Download: http://www.research.avayalabs.com/project/libsafe/src/ libsafe-2.0-16.tgz

T2 source: hotfix-destdir.patch
T2 source: libsafe.cache
T2 source: libsafe.desc
T2 source: no_exploits.patch
T2 source: uclibc.patch.uclibc

Build time (on reference hardware): 5% (relative to binutils)2

Installed size (on reference hardware): 0.04 MB, 7 files

Dependencies (build time detected): 00-dirtree binutils coreutils diffutils findutils gawk grep linux-header make patch sed sysfiles tar

Installed files (on reference hardware): [show]

1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.

2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).