| 1 |
Anyone using this on a hardened box (e.g. to augment a precompiled, |
| 2 |
non-ssp binary, such as OOffice)? |
| 3 |
|
| 4 |
http://www.diehard-software.org/ (Emery Berger, UMass) |
| 5 |
|
| 6 |
"DieHard completely prevents particular memory management errors from |
| 7 |
having any effect (these are "double frees" and "invalid frees"). It |
| 8 |
dramatically reduces the likelihood of another kind of error known as |
| 9 |
"dangling pointer" errors, and lowers the odds that moderate buffer |
| 10 |
overflows will have any effect. It prevents certain library-based heap |
| 11 |
overflows (e.g., through strcpy), and all but eliminates another problem |
| 12 |
known as "heap corruption." |
| 13 |
|
| 14 |
How does DieHard differ from Vista's and OpenBSD's "address space |
| 15 |
randomization"? |
| 16 |
|
| 17 |
Address space randomization places large chunks of memory (obtained via |
| 18 |
mmap / VirtualAlloc) at different places in memory, but leaves unchanged |
| 19 |
the relative position of heap objects. OpenBSD adds quasi-random shuffling |
| 20 |
of allocated objects around on a page. DieHard not only completely |
| 21 |
randomizes the placement of objects across the entire heap, but also adds |
| 22 |
protection from a wide variety of errors." |
| 23 |
-- |
| 24 |
gentoo-user@g.o mailing list |
Archives