Anyone using this on a hardened box (e.g. to augment a precompiled,
non-ssp binary, such as OOffice)?

http://www.diehard-software.org/ (Emery Berger, UMass)

"DieHard completely prevents particular memory management errors from
having any effect (these are "double frees" and "invalid frees"). It
dramatically reduces the likelihood of another kind of error known as
"dangling pointer" errors, and lowers the odds that moderate buffer
overflows will have any effect. It prevents certain library-based heap
overflows (e.g., through strcpy), and all but eliminates another problem
known as "heap corruption."

How does DieHard differ from Vista's and OpenBSD's "address space
randomization"?

Address space randomization places large chunks of memory (obtained via
mmap / VirtualAlloc) at different places in memory, but leaves unchanged
the relative position of heap objects. OpenBSD adds quasi-random shuffling
of allocated objects around on a page. DieHard not only completely
randomizes the placement of objects across the entire heap, but also adds
protection from a wide variety of errors."
--
gentoo-user@g.o mailing list
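
A toy sketch of the two behaviours the quoted description attributes to DieHard, random object placement across the heap and frees that have no effect when they are double or invalid, added here as an illustration; it is not DieHard's code and not part of the original message. The names toy_alloc and toy_free, the single 64-byte size class and the half-full limit are assumptions of the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOT_SIZE 64    /* assumption: one size class only, for brevity */
#define NUM_SLOTS 256   /* assumption: heap is kept at most half full */

static unsigned char heap[NUM_SLOTS * SLOT_SIZE];
static unsigned char in_use[NUM_SLOTS];  /* metadata lives apart from the objects */
static size_t live;

/* Pick a free slot at random, so neighbours in time are not neighbours in memory. */
void *toy_alloc(void) {
    if (live >= NUM_SLOTS / 2) return NULL;  /* stay sparse so the loop ends quickly */
    for (;;) {
        size_t i = (size_t)rand() % NUM_SLOTS;
        if (!in_use[i]) { in_use[i] = 1; live++; return heap + i * SLOT_SIZE; }
    }
}

/* Returns 1 if an object was released, 0 if the request was ignored. */
int toy_free(void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)heap;
    if (a < base || a >= base + sizeof heap) return 0;  /* invalid free: not our heap */
    size_t off = (size_t)(a - base);
    if (off % SLOT_SIZE != 0) return 0;                 /* invalid free: interior pointer */
    if (!in_use[off / SLOT_SIZE]) return 0;             /* double free: already released */
    in_use[off / SLOT_SIZE] = 0; live--;
    return 1;
}

int main(void) {
    srand(12345);  /* fixed seed for a repeatable demo; a real allocator needs an unpredictable one */
    unsigned char *a = toy_alloc(), *b = toy_alloc();
    printf("a in slot %td, b in slot %td\n", (a - heap) / SLOT_SIZE, (b - heap) / SLOT_SIZE);
    int first = toy_free(a), second = toy_free(a);
    printf("free(a) = %d, repeated free(a) = %d\n", first, second);
    printf("free(b + 1) = %d\n", toy_free(b + 1));
    toy_free(b);
    return 0;
}
```

Address space randomization alone would move `heap` as a whole but leave consecutive allocations at fixed relative offsets; here the offset between `a` and `b` itself varies with the random choice.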