The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible.
Author: Arash Baratloo, Timothy Tsai, and Navjot Singh
Maintainer: Rene Rebe <rene [at] t2-project [dot] org>
Build time (on reference hardware): 1599% (relative to binutils)2
Installed size (on reference hardware): 0.09 MB, 15 files
Dependencies (build time detected): bash binutils bzip2 ccache coreutils diffutils findutils gcc glibc gnutls grep libgcrypt libgpg-error libprelude libtasn1 linux-header make patch sed sysfiles tar zlib
Installed files (on reference hardware): n.a.
1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.
2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).