blob: d20ec5dd7d44a196467058ca7bf34ea5ab0a1d1e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
This is a library, which contains a safe reincarnations
of strcpy/strcat/sprintf and some other functions,
which is known to be a source to 99% of stack smashing
attacks since Morrison Worm.
Basic idea is: these functions never return in case
of modified stack frames. Instead, they kills current
process with SIG_SEGV, and, in case when program
just ignores it - calls exit(2). In 'paranoidal'
point of view, termination of a process is a much
less worth, than possible incorrect continuation.
This library can be used in two ways - you can just
install it as a port/package, and then relink critical
applications (such as a network daemons) with
-lparanoia -L/usr/local/lib, or you can override
standard functions in libc (using libparanoia/copy-to-libc
shell script) - in this case you'll get any application,
which uses shared libc, automatically protected.
http://www.lexa.ru/snar/libparanoia/
--
Alexandre Snarskii <snar@paranoia.ru>. Baltika-3 is better :)
|