Title: Linux - preventing buffer overflows

KBTAG: kben10000084
URL: http://www.securityportal.com/lskb/10000050/kben10000084.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Linux - preventing buffer overflows
Keywords: Software

 

Summary:

Buffer overflows are one of the most common attacks, especially remote attacks. There are several methods to keep software that contains buffer overflows from actually letting an attacker in.

More information:

StackGuard

StackGuard is a set of patches for GCC that compiles programs so that they are prevented from writing to locations in memory they shouldn't (a simplistic explanation; the StackGuard website has much better details). StackGuard does break some functionality, however: programs like gdb and other debuggers will fail, but this is generally not a concern for high-security production servers. You can get StackGuard from: http://www.immunix.org/
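The guard-word ("canary") check that this kind of compiler protection is built on, simulated in plain C as an added example; it is not part of the original article and is not StackGuard's code. The frame layout, the guard value and the names struct frame, unchecked_copy and run_with_canary are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame (hypothetical layout, for illustration only). */
struct frame {
    char     buf[16];   /* local buffer */
    uint32_t canary;    /* guard word between the buffer and the return address */
    uint32_t ret_addr;  /* stand-in for the saved return address */
};

#define CANARY 0xC0DE7A1Du  /* constructed guard value */
#define RET    0x08048000u  /* constructed "legitimate" return address */

/* Models an unchecked copy (strcpy-style) into buf. The write is clamped to
 * the struct, so the demo never touches memory outside the simulated frame. */
static void unchecked_copy(struct frame *f, const char *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((char *)f, src, n);
}

/* Returns 0 if the function may "return" normally, -1 if the guard word
 * changed, meaning the saved return address can no longer be trusted. */
int run_with_canary(const char *input, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;             /* prologue: place the guard word */
    f.ret_addr = RET;
    unchecked_copy(&f, input, n);  /* body: the vulnerable copy */
    if (f.canary != CANARY)        /* epilogue: verify before returning */
        return -1;                 /* a protected program would abort here */
    return 0;
}

int main(void)
{
    char big[24];
    memset(big, 'A', sizeof big);  /* constructed oversized input */
    printf("6-byte input:  %d\n", run_with_canary("hello", 6));
    printf("24-byte input: %d\n", run_with_canary(big, sizeof big));
    return 0;
}
```

Any write that reaches the return address has to pass through the guard word first, which is why a single byte of overrun is already detected.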

Stack Shield 

Stack Shield is an alternate method for protecting Linux binaries from buffer overflows; however, I have not yet tried it. You can get it at: http://www.angelfire.com/sk/stackshield/

Libsafe

Libsafe lets you protect binary-only software and is freely available. You can get it at: http://www.bell-labs.com/org/11356/html/security.html