You are not logged in.

#1 2006-03-25 14:16:31

EAD
Member
Registered: 2006-03-11
Posts: 255

Libsafe

Hii, I have seen that package calld "Libsafe" wich should help me avoid "buffer overflow security problem", so I have done
"Pacman -S libsafe" adn install it.
How can I use it now? what make it work when using the risky c libs?
:?:

Offline

#2 2006-03-25 15:27:23

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Libsafe

I've never used this - never even knew it was there, actually - but it's nearly three years old, and the website's gone. There's still a freshmeat page, though.

Just thought that was worth mentioning. smile

Offline

#3 2006-03-25 15:47:18

EAD
Member
Registered: 2006-03-11
Posts: 255

Re: Libsafe

Ok I have found a way to use it
and Its rocks :twisted:
It help you avoid using a badly wrriten C program that can cause stack overflow risk.
all that need to do is

export LD_PRELOAD=/usr/lib/libsafe.so.2

then if you want to try it, make a C program that call a function that use strcp (STring copy), for a buffer of 10 char, and give it a 20 chars.
Works like magic  :!:

Offline

#4 2006-03-25 20:07:21

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: Libsafe

You sure it's safe though? I would be damn wary of using unmaintained security software...

Offline

#5 2006-03-25 23:08:11

raskolnikov
Member
From: France
Registered: 2006-01-08
Posts: 100

Re: Libsafe

From what I understand, this is "just" a library to catch the more common misuses of C functions like scanf... It does not work with statically linked programs, I think (as it catch library calls). See here.


Excessive showering, grooming, and toothbrushing is not only vain, it wastes valuable coding time.

Offline

Board footer

Powered by FluxBB