PROTECTING
FROM
BUFFER
OVERFLOWS
Home |
Objectives |
Forum |
Security Links |
Tutorials |
People |
- White Papers
- Sources & Tools
- BufOverA
BufOverA is a set of small Linux kernel patches which detect and block buffer overflows.
- RSX
RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available. For more information, here.
- spfx.c | spfx2.c
spfx.c or spfx2.c is a linux kernel module which stops many exploits by protecting the system from code running on the stack. Works by limiting the use of key system calls to library functions. Although spfx2 does not prevent buffer-overflow related crashes, it does make it very difficult to break security with with a buffer-overflow attack, preventing most root compromises.
- Stack Shield
A "stack smashing" technique protection tool for Linux. The "stack smashing" technique is the most common way used in exploits to break the security of programs. Stack Shield is a tool for adding protection to programs from this kind of attacks at compile time whitout changing a line of code. Stack Shield uses a more secure protection system than other tool like Immunix Stack Guard. Stack Shield is designed to support the GCC under a Linux Intel 386 class platform.
For more information, here.
- Libsafe
The libsafe library protects against buffer overflow and format string attacks. It works by putting a wrapper around dangerous functions that contain any buffer overflows within the current stack frame, so that the return address can not be changed. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. Changes: Ability to handle both buffer overflow and format string attacks, and extension of its protection to all the applications running on a system. For more information, here.
Copyright(c) 2001
HackerProof. All rights reserved.
Last Update: