sponsored by episec: internet security for the paranoid.


ari edelkind - custom works


fmtlib is a dynamically loadable library intended for the auditing of binaries throughout normal operation. Essentially, if the string passed as the format argument of wrapped function calls is writable, a flag is raised. If not, the argument is considered benign. This method is used because strings that are compiled into memory are not writable by default. Slowdown is minimal, and during the time that wrapped functions are not called, nonexistent.

Note that this library uses signal processing and alters the permissions of memory segments to do its job; there may be programs that it is incompatible with. Use of this library on production systems is not recommended.

That said, i have successfully used fmtlib to wrap complete sessions during hours of nontrivial system use, without experiencing any problems.

The current version has been tested only on 80386-based freebsd and dgux. It is not likely to work on linux, and it will not function on other architectures due to built-in assembly code. Ports to other operating systems and architectures will be included in the future, but until then, if you have a port that you would like incorporated, please send me a diff.


The current version is fmtlib-20020712-1.tar.gz. The current version can always be downloaded as fmtlib-current.tar.gz.

MD5 sums may be viewed here.

ari edelkind - [contact]