Gentoo Archives: gentoo-user

From: 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>
To: "gentoo-hardened@l.g.o" <gentoo-hardened@l.g.o>
Cc: gentoo-user <gentoo-user@l.g.o>
Subject: [gentoo-user] "DieHard" ? ( hardens against memory errors)
Date: Mon, 01 Jan 2007 22:30:42
1 Anyone using this on a hardened box (e.g. to augment a precompiled,
2 non-ssp binary, such as OOffice)?
4 (Emery Berger, UMass)
6 "DieHard completely prevents particular memory management errors from
7 having any effect (these are "double frees" and "invalid frees"). It
8 dramatically reduces the likelihood of another kind of error known as
9 "dangling pointer" errors, and lowers the odds that moderate buffer
10 overflows will have any effect. It prevents certain library-based heap
11 overflows (e.g., through strcpy), and all but eliminates another problem
12 known as "heap corruption."
14 How does DieHard differ from Vista's and OpenBSD's "address space
15 randomization"?
17 Address space randomization places large chunks of memory (obtained via
18 mmap / VirtualAlloc) at different places in memory, but leaves unchanged
19 the relative position of heap objects. OpenBSD adds quasi-random shuffling
20 of allocated objects around on a page. DieHard not only completely
21 randomizes the placement of objects across the entire heap, but also adds
22 protection from a wide variety of errors."
23 --
24 gentoo-user@g.o mailing list