# # # 07-Dec-02 amo Fails to compile on rh-8.0 and slack-8.1 # 06-Jul-04 amo Install libsafe-2.0-16 # # # Original Source # --------------- # http://www.Linux-Sec.net/harden/libsafe.txt # http://www.Linux-Sec.net/harden/libsafe.uhowto.txt # # # http://www.research.avayalabs.com/project/libsafe # http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-16.tgz # # http://directory.fsf.org/security/net/libsafe.html # http://slackware.osuosl.org/slackware-7.1/contrib/libsafe.txt ( slackware-7.1 ) # installpkg libsafe.tgz # # http://www.bell-labs.com/org/11356/libsafe.html # # # # # # stack smash demo # # # http://www.mirrors.wiretapped.net/security/host-security/libsafe/paper.html # # # # # # another way to detect format string attack ( like what libsafe does ) # # # http://box3n.gumbynet.org/~fyre/software/libformat.php3 # # # Install libsafe-2.0-16 # cd /usr/local/src # tar zxpvf libsafe-2.0-16.tgz # cd libsafe-2.0-16 # make # make install # # --> systemwide install ---> creates /etc/ld.so.preload # # # # Test to see that libsafe is working # =================================== # # http://www.Linux-Sec.net/harden/libsafe.uhow2.txt # # vi /etc/profile # # 07-Dec-02 amo To install libsafe # export LD_PRELOAD=/lib/libsafe.so.2 # # to unset it # unset LD_PRELOAD # # # # LibSafe is preloaded for this shell if the environment variable is set # set | grep LD LD_PRELOAD=/lib/libsafe.so.2 # ( this only shows that preloading was requested; the exploit tests and the /var/log/secure check further down confirm that libsafe is actually intercepting calls ) # ( setuid programs ignore an LD_PRELOAD path that contains a slash; the systemwide /etc/ld.so.preload install is what covers them ) # # # ================================================================== # # # Not source ( precompiled lib/incoming/libsafe-2.0.12* ) http://www.ncart.scs.ryerson.ca/pub/slackware/slackware-current/extra/libsafe-2.0-12/ http://www.buraphalinux.org/download/blcd4_0_src/slackware-8.1beta2/extra/libsafe-2.0-12/ # # # # # root@Guru:/usr/local/src/libsafe-2.0# make # ------------------------------------------ # cd src; make # make[1]: Entering directory `/usr/local/src/libsafe-2.0/src' # gcc -M util.c intercept.c vfscanf.c vfprintf.c reg-printf.c > dep # vfscanf.c:437: macro
`__libc_cleanup_region_start' used with only 2 args # vfprintf.c:2161: macro `__libc_cleanup_region_start' used with only 2 args # vfprintf.c:2983: macro `__libc_cleanup_region_start' used with only 2 args # make[1]: *** [dep] Error 1 # root@Guru:/usr/local/src/libsafe-2.0-2# make # ------------------------------------------ # cd src; make # make[1]: Entering directory `/usr/local/src/libsafe-2.0-2/src' # gcc -c -o vfscanf.o -O2 -Wall -DNDEBUG -fPIC vfscanf.c # vfscanf.c:437: macro `__libc_cleanup_region_start' used with only 2 args # make[1]: *** [vfscanf.o] Error 1 # # # # redhat:/usr/src# rpm -ivh libsafe-2.0-2.i386.rpm libsafe ################################################## # # # redhat:/usr/src/# new.tar zxvfp libsafe-2.0-2.tgz # # # /usr/local/src# new.tar zxvfp libsafe-2.0-2.tgz # /usr/local/src/libsafe-2.0-2# make # /usr/local/src/libsafe-2.0-2# make install # # # vi ~/.bashrc vi /etc/profile ... export LD_PRELOAD=/lib/libsafe.so.2 # # ldconfig -p ldconfig -v # # see /var/log/secure # # # # Sources # -------- redhat:/usr/local/src/libsafe-2.0-2# make # # redhat:/usr/local/src/libsafe-2.0-2/exploits# make # redhat:/usr/local/src/libsafe-2.0-2/exploits# ./int.sh t1 redhat:/usr/local/src/libsafe-2.0-2/exploits# ./int.sh t3 redhat:/usr/local/src/libsafe-2.0-2/exploits# ./int.sh t4 # redhat:/usr/local/src/libsafe-2.0-2/exploits# ./canary-exploit # - it worked - exploited ...have /bin/sh prompt: ( sh-2.04# ) # ============= # redhat:/usr/local/src/libsafe-2.0-2/exploits# ./xlock -nolock # # grep libsafe /var/log/secure # # load the env variable # redhat:/usr/local/src/libsafe-2.0-2/src# source /etc/profile # redhat:/usr/local/src/libsafe-2.0-2/exploits# ./exploit-non-exec-stack # - it did NOT work this time # ============ # # # To Unload libsafe # ================= # unset LD_PRELOAD # ( LD_PRELOAD is the variable exported in /etc/profile above; this only affects the current shell, and a systemwide install stays active through /etc/ld.so.preload until its libsafe entry is removed ) # # # end of file