Bell Labs libsafe-1.3, detection and protection against stack smashing attacks.

The libsafe library protects a process against the exploitation of buffer
overflow vulnerabilities in process stacks.  Libsafe works with any existing
pre-compiled executable and can be used transparently, even on a system-wide
basis.  The method intercepts all calls to library functions that are known to
be vulnerable.  A substitute version of the corresponding function implements
the original functionality, but in a manner that ensures that any buffer
overflows are contained within the current stack frame.  Libsafe has been shown
to detect several known attacks and can potentially prevent yet unknown attacks.
Experiments indicate that the performance overhead of libsafe is negligible.

The following unsafe functions are currently monitored by libsafe:

              strcpy(char *dest, const char *src)
                     May overflow the dest buffer.

              strcat(char *dest, const char *src)
                     May overflow the dest buffer.

              getwd(char *buf)
                     May overflow the buf buffer.

              gets(char *s)
                     May overflow the s buffer.

              [vf]scanf(const char *format, ...)
                     May overflow its arguments.

              realpath(char *path, char resolved_path[])
                     May overflow the path buffer.

              [v]sprintf(char *str, const char *format, ...)
                     May overflow the str buffer.
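
The sketch below is an added illustration of the bounds check described above, applied to strcpy; it is not Libsafe's source and not part of the original README.  It assumes frames linked through saved frame pointers on a downward-growing stack.  The names frame_limit, checked_strcpy and demo_copy, the explicit fp/top parameters, and the stack image are constructed for the example so that the check runs on sample data instead of the live stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes writable at addr before reaching the saved frame pointer of the frame
 * holding it.  fp is the innermost frame pointer; each slot it names stores the
 * caller's frame pointer, at a higher address (downward-growing stack).
 * Returns 0 if addr is outside [fp, top): not a stack buffer, bound unknown. */
size_t frame_limit(const void *addr, const void *fp, const void *top)
{
    uintptr_t a = (uintptr_t)addr, f = (uintptr_t)fp, t = (uintptr_t)top;
    if (a < f || a >= t)
        return 0;
    while (f != 0 && f < t && f <= a) {
        uintptr_t next = *(const uintptr_t *)f;
        f = next > f ? next : 0;       /* links must climb; 0 ends the walk */
    }
    return (f > a && f < t) ? f - a : 0;
}

/* strcpy substitute: copies when the string fits below the frame boundary,
 * otherwise returns NULL and leaves dest untouched. */
char *checked_strcpy(char *dest, const char *src, const void *fp, const void *top)
{
    size_t limit = frame_limit(dest, fp, top), need = strlen(src) + 1;
    if (limit != 0 && need > limit)
        return NULL;
    memcpy(dest, src, need);
    return dest;
}

/* Constructed stack image, low address first: img[0] and img[6] are saved
 * frame pointers, img[2..5] is the caller's 4-word local buffer.
 * Returns 1 = copied, 0 = refused, -1 = saved frame pointer overwritten. */
static uintptr_t img[14];
int demo_copy(const char *src)
{
    memset(img, 0, sizeof img);
    img[0] = (uintptr_t)&img[6];       /* wrapper frame -> caller frame */
    img[6] = (uintptr_t)&img[12];      /* caller frame -> outermost frame */
    char *r = checked_strcpy((char *)&img[2], src, img, img + 14);
    return img[6] != (uintptr_t)&img[12] ? -1 : r != NULL;
}

int main(void)
{
    printf("fits: %d, too long: %d\n", demo_copy("short"),
           demo_copy("0123456789012345678901234567890123456789"));
    return 0;
}
```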


SLACKWARE NOTES (this section added by volkerdi@slackware.com)

       While testing libsafe on Slackware, I noticed a couple of minor
       problems:

       o  libsafe breaks libc4 and libc5 dynamic binaries.
          This shouldn't be too much of a surprise, since it preloads against
          everything.  If it could be made to load only against glibc2
          binaries, this problem would be solved.

       o  libsafe may break a few programs.  For example, we found that the
          'xv' image program would segfault when libsafe was preloaded.

       Because of these problems (especially the first one) it was decided that
       libsafe.tgz should be placed in the /contrib directory as an optional
       package rather than merged into the base (A) series.  However, don't
       think that's because we're not impressed with libsafe. :)  Most people
       don't have a need for libc4 and libc5 compatibility, and xv can always
       be recompiled statically to work around the problem.  I run libsafe on
       my server/router box, and have experienced no problems with it.  In an
       environment where security is important, libsafe is highly recommended.

       To install on Slackware, simply use installpkg:

           installpkg libsafe.tgz

       New processes that are started after the package is installed will
       be automatically protected.  To get protection on things like sendmail
       and other daemons, you'll need to restart them (or just reboot your
       machine).

       Libsafe must be uninstalled manually.  To uninstall it, follow this
       procedure (carefully):

           1.  remove /lib/libsafe.so.1 from /etc/ld.so.preload
           2.  reboot
           3.  remove /lib/libsafe.so.1 and /lib/libsafe.so.1.3

HOMEPAGE

       The home web page for libsafe is:
           http://www.bell-labs.com/org/11356/libsafe.html

COPYRIGHT

       Copyright (C) 1999 Bell Labs, Lucent Technologies.
       Copyright (C) Arash Baratloo, Timothy Tsai, and Navjot Singh.

       This file is part of the Libsafe library.  Libsafe version 1.0: 
       protecting against stack smashing attacks.

       This library is free software; you can redistribute it and/or modify
       it under the terms of the GNU Library General Public License as
       published by the Free Software Foundation; either version 2 of the
       License, or (at your option) any later version.

       This library is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Library General Public License for more details.

       You should have received a copy of the GNU Library General Public
       License along with this library; if not, write to the Free Software
       Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
       02111-1307, USA.

       For more information,
         visit http://www.bell-labs.com/org/11356/libsafe.html
         or email libsafe@research.bell-labs.com