LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 01-04-2007, 02:45 AM   #1
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,733
Blog Entries: 12

Rep: Reputation: 457Reputation: 457Reputation: 457Reputation: 457Reputation: 457
How to protect buggy programs from security vulnerabilities under Linux


Has anyone tried this?
How to protect buggy programs from security vulnerabilities under Linux and UNIX | nixCraft
http://www.cyberciti.biz/tips/howto-...abilities.html

And is it really worth using 50-75% more ram usage when runnng Iceweasel/Iceape?

Quote:
DieHard eliminates or greatly reduces the likelihood of a class of bugs and security vulnerabilities called memory errors. DieHard prevents certain kinds of errors from happening at all. It also reduces the probability that a bug will have any effect at all. DieHard works by randomly locating program objects far apart from each other in memory. This scattering of memory objects all over memory not only makes some errors unlikely to happen, it also makes it virtually impossible for a hacker to know where vulnerable parts of the program's data are. This thwarts a wide class of exploits.

DieHard works in two modes: standalone and replicated. The standalone version replaces the memory manager with the DieHard randomized memory manager. This randomization increases the odds that buffer overflows will have no effect, and reduces the risk of dangling pointers. The replicated version provides greater protection against errors by running several instances of the application simultaneously and voting on their output. Because each replica is randomized differently, each replica will likely have a different output if it has an error, and some replicas are likely to run correctly despite the error.
 
Old 01-04-2007, 06:48 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,457
Blog Entries: 54

Rep: Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897
Haven't tried it (and that's not based on the fact we already got malloc stuff, PAX, Systrace or Exec Shield floating around nor the fact it's funded by Microsoft and Intel). The title "How to protect buggy programs from security vulnerabilities under Linux and UNIX" is wrong IMHO since it emphasises mitigating symptoms instead of fixing the cause (which it obviously can't ofcourse): instead the *code* should be made safe to use.


And is it really worth using 50-75% more ram usage when runnng Iceweasel/Iceape?
Basically you're asking if it's a good choice to trade off using more RAM for better coverage (less risk)?
If a test of established products vs this one should show they don't provide enough coverage then the answer would be simple. (That is if the Slashdot article didn't mention several people having problems running apps after installing this.) (And next to that RAM is there to be used and the Linux VM knows best how to take care of it.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to protect buggy programs from security vulnerabilities/buffer overflows under Linux and UNIX LXer Syndicated Linux News 0 01-02-2007 01:24 AM
Linux Vulnerabilities More Numerous And Severe Than Windows Omran Linux - Security 2 04-04-2005 05:08 AM
Warning: Protect Your Digital Rights And Security! TexasDex General 11 04-25-2003 11:54 AM
SANS/FBI Releases the Twenty Most Critical Internet Security Vulnerabilities jeremy Linux - Security 4 10-07-2002 06:37 PM


All times are GMT -5. The time now is 01:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration