Re: [SLE] Hack Notes, Linux and Unix Security, Portable Reference:
From: Sid Boyce (sboyce_at_blueyonder.co.uk)
Date: Fri, 11 Jun 2004 01:33:03 +0100 To: firstname.lastname@example.org
Carl William Spitzer IV wrote:
> http://www.linuxjournal.com/article.php?sid=7294 -- An example of a
> successful crack for each type of security vulnerability makes this a
> useful book for administrators who want a realistic picture of
> real-world security threats.
>The best thing to hit the Internet in years - Juno SpeedBand!
>Surf the Web up to FIVE TIMES FASTER!
>Only $14.95/ month - visit www.juno.com to sign up today!
As an aside, but relevant issue that was mentioned in letters on lwn.net
about 2 years ago, as buffer overflows seem to be the cause of most
exploits, it's puzzling why libsafe is not part of all distros, I have
seen one distro that included it about a year ago, can't remember which.
The first thing I do after a new install or upgrade on any distro is to
install libsafe (search freshmeat.net). In the beginning SuSE put out a
dismissive statement to the effect that it did not stop all buffer
overflows, no other explanation or argument was given. I saw one buffer
overflow that caused IBMjava back a couple of years not to run, also
one prog I compiled from sources didn't run either, I emailed the author
and a new version was put up, checking /var/log/warn pointed to the
problems, since then libsafe has been expanded and though the write up
is a bit vague, it seems to say they have been able to stop the overflow
from happening, but lets the app run, it's also supposed to stop other
exploits. Some rpm's will complain at not finding libsafe (haven't seen
it lately though) even with libsafe installed as an rpm, but --nodeps
fixes that. It LD_PRELOADS libsafe to all binaries when it's installed
# o /etc/ld.so.preload
# ldd /usr/bin/grep
/lib/libsafe.so.2 => /lib/libsafe.so.2 (0x40015000)
linux-gate.so.1 => (0xffffe000)
libc.so.6 => /lib/libc.so.6 (0x4003b000)
libdl.so.2 => /lib/libdl.so.2 (0x40150000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
I've not seen any further boundary overruns in /var/log/warn in over 2
SuSE, explain yourselves!
-- Sid Boyce .... Hamradio G3VBV and keen Flyer ===== LINUX ONLY USED HERE ===== -- Check the headers for your unsubscription address For additional commands send e-mail to email@example.com Also check the archives at http://lists.suse.com Please read the FAQs: firstname.lastname@example.org