July 22nd, 2002, 02:01 AM
Libsafe 2.0.14 !!!BUG ALERT!!!
Just a note for anyone who uses avayalabs libsafe version 2.0.16 (current).
Heres a little background information on libsafe and why you should implement it
"The exploitation of buffer overflow and format string vulnerabilities in process stacks constitutes a significant portion of security attacks in recent years. We present a new method to detect and handle such attacks. In contrast to previous work, our method does not require any modification to the operating system and works with existing binary programs. Our method does not require access to the source code of defective programs, nor does it require recompilation or off-line processing of binaries. Furthermore, it can be implemented on a system-wide basis transparently. Our solution is based on a middleware software layer that intercepts all function calls made to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame, thus, preventing attackers from 'smashing' (overwriting) the return address and hijacking the control flow of a running program . We have implemented our solution on Linux as a dynamically loadable library called libsafe. Libsafe has demonstrated its ability to detect and prevent several known attacks, but its real benefit, we believe, is its ability to prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible."
I have been in contact recently with Timothy Taia who works on the libsafe project
and ive imformed him that libsafe 2.0.16 has a bug in its code that can cause the system clock
to malfunction and display the incorrect time.
-- snip snip --
This appears to be a libsafe problem. We're making a fairly
significant upgrade to libsafe to handle this problem, so the fix
won't be out for a little while.
However, to address this problem, you can make libsafe ignore hwclock
by placing the full pathname for hwclock in /etc/libsafe.exclude.
Thanks for your patience. I'll inform you when the libsafe fix is
-- snip snip --
Hopefully you all know and understand the importance of keeping the system clocks on ALL your hosts sync'ed. Think about IDS, Computer Foresics and everything else that depends on the correct time. You host should be running the Network Time Protocol, NTP
anyway just letting you guys know about this bug and that they are working on a fix.
more information - http://www.avayalabs.com/project/libsafe/