[32628] in bugtraq
[ANNOUNCE] glibc heap protection patch
daemon@ATHENA.MIT.EDU (William Robertson)
Mon Dec 1 15:22:27 2003
Mime-Version: 1.0 (Apple Message framework v606)
Content-Transfer-Encoding: 7bit
Message-Id: <E690C92D-2434-11D8-8B1F-000A95675F0E@cs.ucsb.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: sectools@securityfocus.com, bugtraq@securityfocus.com,
focus-ids@securityfocus.com
From: William Robertson <wkr@cs.ucsb.edu>
Date: Mon, 1 Dec 2003 11:31:03 -0800
Hi all,
I'd just like to announce that we have a heap protection system for
glibc available for download. The system detects and prevents all heap
overflow exploits that modify inline control information from
succeeding against a protected application, can be installed
system-wide or on a per-process basis using LD_PRELOAD, and is
transparent to existing applications.
We would definitely appreciate any feedback and bug reports on the
code. The patch and some additional information is available at:
http://www.cs.ucsb.edu/~wkr/projects/heap_protection/
Enjoy!
--
William Robertson
Reliable Software Group, UC Santa Barbara
http://www.cs.ucsb.edu/~wkr/
