Re: [SLE] Hack Notes, Linux and Unix Security, Portable Reference:

From: Sid Boyce (sboyce_at_blueyonder.co.uk)
Date: 06/11/04

  • Next message: Chip Cooper: "[SLE] printer setup in vmware"
    Date: Fri, 11 Jun 2004 01:33:03 +0100
    To: suse-linux-e@suse.com
    
    

    Carl William Spitzer IV wrote:

    > http://www.linuxjournal.com/article.php?sid=7294 -- An example of a
    > successful crack for each type of security vulnerability makes this a
    > useful book for administrators who want a realistic picture of
    > real-world security threats.
    >
    As an aside, but a relevant issue that was mentioned in letters on lwn.net
    about 2 years ago: as buffer overflows seem to be the cause of most
    exploits, it's puzzling why libsafe is not part of all distros. I have
    seen one distro that included it about a year ago, can't remember which.
    The first thing I do after a new install or upgrade on any distro is to
    install libsafe (search freshmeat.net). In the beginning SuSE put out a
    dismissive statement to the effect that it did not stop all buffer
    overflows; no other explanation or argument was given. I saw one buffer
    overflow that caused IBMjava, back a couple of years, not to run; also
    one prog I compiled from sources didn't run either. I emailed the author
    and a new version was put up; checking /var/log/warn pointed to the
    problems. Since then libsafe has been expanded and, though the write-up
    is a bit vague, it seems to say they have been able to stop the overflow
    from happening, but lets the app run; it's also supposed to stop other
    exploits. Some rpms will complain at not finding libsafe (haven't seen
    it lately though) even with libsafe installed as an rpm, but --nodeps
    fixes that. It LD_PRELOADs libsafe to all binaries when it's installed
    globally, e.g.
    # o /etc/ld.so.preload
    /lib/libsafe.so.2

    # ldd /usr/bin/grep
            /lib/libsafe.so.2 => /lib/libsafe.so.2 (0x40015000)
            linux-gate.so.1 => (0xffffe000)
            libc.so.6 => /lib/libc.so.6 (0x4003b000)
            libdl.so.2 => /lib/libdl.so.2 (0x40150000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

    I've not seen any further boundary overruns in /var/log/warn in over 2
    years.
    SuSE, explain yourselves!

    Regards
    Sid.

    -- 
    Sid Boyce .... Hamradio G3VBV and keen Flyer
    ===== LINUX ONLY USED HERE =====
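
Because every library named in /etc/ld.so.preload is loaded into each dynamically linked process, the entries themselves are worth auditing. The script below is an added example, not code from the post or from libsafe: it lists the entries of a preload file and flags any that are missing, not owned by the expected uid, or group/world-writable. The function names, the EXPECT_UID variable and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the libraries a global preload file forces into every process.
EXPECT_UID=${EXPECT_UID:-0}   # assumed policy: preloaded libraries are root-owned

# One entry per line: strip '#' comments, split on whitespace and ':'.
preload_entries() {
    sed 's/#.*//' "$1" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# Print a verdict for one library; return 1 if it should be investigated.
check_entry() {
    lib=$1
    case $lib in /*) ;; *) echo "WARN $lib: relative path"; return 1 ;; esac
    [ -e "$lib" ] || { echo "WARN $lib: file missing"; return 1; }
    set -- $(ls -Ldn "$lib")      # -L: judge the symlink target, -n: numeric uid
    [ "$3" = "$EXPECT_UID" ] || { echo "WARN $lib: owner uid $3"; return 1; }
    case $1 in
        ?????w*|????????w*) echo "WARN $lib: group/world-writable ($1)"; return 1 ;;
    esac
    echo "OK   $lib"
}

# Audit every entry; the return value is the number of findings.
audit_preload() {
    bad=0
    [ -f "$1" ] || { echo "no preload file at $1"; return 0; }
    for entry in $(preload_entries "$1"); do
        check_entry "$entry" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample tree (not from the thread): one sound entry, two bad ones.
make_sample() {
    mkdir -p "$1/lib"
    : > "$1/lib/libsafe.so.2";  chmod 755 "$1/lib/libsafe.so.2"
    : > "$1/lib/libodd.so";     chmod 777 "$1/lib/libodd.so"
    printf '%s\n' "# constructed sample" "$1/lib/libsafe.so.2" \
        "$1/lib/libodd.so:$1/lib/gone.so  # trailing comment" > "$1/ld.so.preload"
}

# Run against a real file when a path is given, e.g. sh audit.sh /etc/ld.so.preload
if [ -n "${1:-}" ]; then audit_preload "$1"; fi
```
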
    
