fmtlib
ari edelkind - custom works
blurb
fmtlib is a dynamically loadable library intended for auditing binaries
during normal operation. Essentially, if the string passed as the format
argument to a wrapped function call resides in writable memory, a flag is
raised. If not, the argument is considered benign. This method is used
because strings that are compiled into a binary are not writable by default.
Slowdown is minimal, and while wrapped functions are not being called, it is
nonexistent.
Note that this library uses signal processing and alters the permissions of
memory segments to do its job; there may be programs that it is incompatible
with. Use of this library on production systems is not recommended.
That said, I have successfully used fmtlib to wrap complete sessions during
hours of nontrivial system use, without experiencing any problems.
The current version has been tested only on 80386-based FreeBSD and DG/UX.
It is not likely to work on Linux, and it will not function on other
architectures due to built-in assembly code. Ports to other operating
systems and architectures will be included in the future, but until then, if
you have a port that you would like incorporated, please send me a diff.
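The writability heuristic from the blurb, sketched in C as an added example; this is not fmtlib's code. Instead of fmtlib's signal handling and permission changes, it asks the kernel to copy the string's first byte back onto itself through a pipe, which is assumed to fail with EFAULT on read-only memory (as on Linux and the BSDs). The names fmt_is_writable, audited_printf and fmt_flags_raised are hypothetical.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

int fmt_flags_raised = 0;   /* hypothetical counter of raised flags */

/* Returns 1 if the first byte of s is writable, 0 if it is read-only,
 * -1 if the probe itself failed. The kernel copies the byte already at s
 * back onto s, so the string is never changed.
 * Assumption: read() into read-only memory fails with EFAULT. */
int fmt_is_writable(const char *s)
{
    int fds[2], result = -1;
    ssize_t n;

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], s, 1) == 1) {          /* queue the byte at s */
        n = read(fds[0], (void *)s, 1);      /* copy it back onto s */
        if (n == 1)
            result = 1;
        else if (n < 0 && errno == EFAULT)
            result = 0;
    }
    close(fds[0]);
    close(fds[1]);
    return result;
}

/* printf wrapper: raise a flag for a writable format, then call through. */
int audited_printf(const char *fmt, ...)
{
    va_list ap;
    int n;

    if (fmt_is_writable(fmt) == 1) {
        fmt_flags_raised++;
        fprintf(stderr, "audit: writable format string at %p\n", (void *)fmt);
    }
    va_start(ap, fmt);
    n = vprintf(fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char built[] = "built at run time: %d\n";       /* constructed sample */
    audited_printf("compiled-in literal: %d\n", 1); /* read-only, no flag */
    audited_printf(built, 2);                       /* stack copy, flagged */
    return fmt_flags_raised == 1 ? 0 : 1;
}
```

Only the page holding the first byte of the format is probed, and a flag means the string could have been modified at run time, not that it was.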
download
The current version is fmtlib-20020712-1.tar.gz.
The current version can always be downloaded as fmtlib-current.tar.gz.
MD5 sums may be viewed here.
ari edelkind - [contact]