The attacks can be quite difficult to guard against since they usually involve software flaws. The vulnerabilities reside within programs themselves and are caused when a section of memory is overwritten. Preventing these attacks has historically involved the modification of the source code and recompilation. However, Libsafe offers another way to deal with these dangerous flaws. Libsafe is a dynamically loadable library that intercepts calls to unsafe functions and processes them so that hackers can't hijack the process and run the code of their choice. The most valuable aspect of Libsafe is that it can help you guard your Linux systems against buffer overflow vulnerabilities that have yet to be discovered. Understanding buffer overflows
The main purpose of an attack using buffer overflow techniques is to gain access to privileged user space on a target machine. Buffer overflows can also crash a program or even cause system instability due to vulnerabilities in the software itself. In a buffer overflow, a section of memory corresponding to a variable used by a program is overwritten. Buffer overflows have been found in all sorts of system programs and daemons such as syslogd, Sendmail, Apache, WU-FTPD, and BIND, to name but a few. Since information security has become more and more of a concern in IT, methods for avoiding, diagnosing, and documenting these exploits have improved. Yet, despite security audits and careful programming, some bugs remain present in many software programs and are not discovered until later. Let's consider an example of a buffer overflow. When a user connects to an FTP server, the daemon displays a prompt requesting a username. We'll assume that the program is expecting a string of no more than 256 characters and is not programmed to perform an argument check. The program will work fine -- that is, until a malicious individual decides to test its weaknesses by passing it a 257-character string. Now, the allocated memory space doesn't have enough room, and the next portion up gets written over. This may not sound bad at first, but its effects can be surprising. It all depends on what is in the memory space that has been overwritten, how much of it was overwritten, and what it was overwritten with. This can be impossible to determine beforehand and can cause strange things to happen. Buffer overflows can also be used in what are called "stack-smashing" attacks, where someone can execute his or her own code on a target system. When a program is executed, it uses an area of memory called the stack. The stack stores function arguments and local variables, among other things. If a particular variable that resides in the stack is susceptible to a buffer overflow, a hacker can use this information to gain access to the system. Similar to buffer overflows are "format string" exploits. These also attempt to access out-of-bounds memory space to gain access to a Linux system. One way to do this is to pass special formatting characters to a print command that doesn't do any format checking. In this manner, the special characters can actually reference memory space and cause program instability. Once again, this falls into the programmers' hands and can be avoided with good coding practices. The C function sprintf(string, "%s"); is an example of good practice, while sprintf(string); would be considered unsafe, as it does not provide formatting information. It's important to remember that a hacker needs to compromise a program that is run as root to get a root shell (which is almost always the goal of the hacker). In recent years, there has been a migration from running programs as root to using a separate user account. Many programs will create a user specifically for running program tasks and will avoid using root as much as possible. In this fashion, even if a program is compromised, the user will not have total control of the system.