From owner-freebsd-ports Sat Jan 2 13:50:10 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA04207 for freebsd-ports-outgoing; Sat, 2 Jan 1999 13:50:10 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA04197 for ; Sat, 2 Jan 1999 13:50:08 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id NAA26533; Sat, 2 Jan 1999 13:50:01 -0800 (PST)
Received: from sivka.carrier.kiev.ua (sivka.carrier.kiev.ua [193.193.193.101]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA03133 for ; Sat, 2 Jan 1999 13:41:46 -0800 (PST) (envelope-from snar@carrier.kiev.ua)
Received:
Received: from unicorn.carrier.kiev.ua (snar@unicorn.carrier.kiev.ua [193.193.193.113]) by sivka.carrier.kiev.ua (8.Who.Cares/8.Who.Cares) with ESMTP id XAA28585 for ; Sat, 2 Jan 1999 23:41:16 +0200 (EET) (envelope-from snar@carrier.kiev.ua)
Received: (from snar@localhost) by unicorn.carrier.kiev.ua (8.9.1a/8.9.1) id XAA11931; Sat, 2 Jan 1999 23:41:16 +0200 (EET) (envelope-from snar)
Message-Id: <199901022141.XAA11931@unicorn.carrier.kiev.ua>
Date: Sat, 2 Jan 1999 23:41:16 +0200 (EET)
From: snar@paranoia.ru
Reply-To: snar@paranoia.ru
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: ports/9279: new port submission - libparanoia.
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 9279
>Category: ports
>Synopsis: new port submission - libparanoia.
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 2 13:50:00 PST 1999
>Last-Modified:
>Originator:
>Organization:
Confidential: no
Synopsis: new port submission - libparanoia
>Release: FreeBSD 2.2.5-STABLE i386
>Environment:
>Description:
Just a new port submission - libparanoia. That is a security-related library, which provides safe (in mean of stack smashing) incarnations of strcpy/strcat et al.
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# libparanoia
# libparanoia/Makefile
# libparanoia/files
# libparanoia/files/md5
# libparanoia/pkg
# libparanoia/pkg/COMMENT
# libparanoia/pkg/DESCR
# libparanoia/pkg/PLIST
#
echo c - libparanoia
mkdir -p libparanoia > /dev/null 2>&1
echo x - libparanoia/Makefile
sed 's/^X//' >libparanoia/Makefile << 'END-of-libparanoia/Makefile'
X# New ports collection makefile for: libparanoia
X# Version required: 1.3
X# Date created: 1 Jan 1999
X# Whom: Alexandre Snarskii
X#
X# $Id: Makefile,v 1.3 1999/01/02 20:17:32 snar Exp $
X
XDISTNAME=libparanoia-1.3
XCATEGORIES=security
XMASTER_SITES=ftp://ftp.lexa.ru/pub/domestic/snar/
X
XMAINTAINER=snar@paranoia.ru
X
XNOMAN=yet
X
X# this library depends on system-defined headers "SYS.h" and "DEFS.h"
X# which may differ from release to release.
X
Xpre-build:
X	@echo "------------------------------------------------------------"
X	@echo "You need to have libc sources installed in /usr/src/lib/libc"
X	@echo "before compiling. If they are not installed - install them,"
X	@echo "or, if they installed in another place - edit"
X	@echo "work/${DISTNAME}/Makefile to set a proper place"
X	@echo "------------------------------------------------------------"
X
X.include
END-of-libparanoia/Makefile
echo c - libparanoia/files
mkdir -p libparanoia/files > /dev/null 2>&1
echo x - libparanoia/files/md5
sed 's/^X//' >libparanoia/files/md5 << 'END-of-libparanoia/files/md5'
XMD5 (libparanoia-1.3.tar.gz) = cfd5687f8e315124e2c72640a723c0a6
END-of-libparanoia/files/md5
echo c - libparanoia/pkg
mkdir -p libparanoia/pkg > /dev/null 2>&1
echo x - libparanoia/pkg/COMMENT
sed 's/^X//' >libparanoia/pkg/COMMENT << 'END-of-libparanoia/pkg/COMMENT'
XSafe (in the mean of stack smashing) reincarnation of strcpy et al.
END-of-libparanoia/pkg/COMMENT
echo x - libparanoia/pkg/DESCR
sed 's/^X//' >libparanoia/pkg/DESCR << 'END-of-libparanoia/pkg/DESCR'
XThis is a library, which contains a safe reincarnations
Xof strcpy/strcat/sprintf and some other functions,
Xwhich is known to be a source to 99% of stack smashing
Xattacks since Morrison Worm.
X
XBasic idea is: these functions never return in case
Xof modified stack frames. Instead, they kills current
Xprocess with SIG_SEGV, and, in case when program
Xjust ignores it - calls exit(2). In 'paranoidal'
Xpoint of view, termination of a process is a much
Xless worth, than possible incorrect continuation.
X
XThis library can be used in two ways - you can just
Xinstall it as a port/package, and then relink critical
Xapplications (such as a network daemons) with
X-lparanoia -L/usr/local/lib, or you can override
Xstandard functions in libc (using libparanoia/copy-to-libc
Xshell script) - in this case you'll get any application,
Xwhich uses shared libc, automatically protected.
X
Xhttp://www.lexa.ru/snar/libparanoia/
X--
XAlexandre Snarskii . Baltika-3 is better :)
END-of-libparanoia/pkg/DESCR
echo x - libparanoia/pkg/PLIST
sed 's/^X//' >libparanoia/pkg/PLIST << 'END-of-libparanoia/pkg/PLIST'
Xlib/libparanoia.a
Xlib/libparanoia_p.a
Xlib/libparanoia.so.1.3
X@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m
X@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -R
END-of-libparanoia/pkg/PLIST
exit
>Audit-Trail:
>Unformatted:
Originator: Alexandre Snarskii
Class: change-request

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
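
The check-before-return idea described in the port's pkg/DESCR, as an added C illustration that is not part of the original message and is not libparanoia's source. It assumes x86-64 with GCC or Clang, where `__builtin_frame_address(0)` points at the saved frame pointer followed by the return address. The names `paranoid_strcpy_at`, `PARANOID_STRCPY`, `victim` and `run_victim` are hypothetical, and handing the caller's frame address to the copy routine explicitly is an assumption of this example.

```c
/* Added illustration, not libparanoia source. Assumes x86-64 + GCC/Clang. */
#include <signal.h>
#include <stddef.h>
#include <sys/wait.h>
#include <unistd.h>

/* Policy from pkg/DESCR: SIGSEGV first, exit(2) if the signal is ignored. */
static void paranoid_abort(void) {
    kill(getpid(), SIGSEGV);
    _exit(2);
}

/* Copy like strcpy(), then refuse to return if the caller's frame record
 * (rec[0] = saved frame pointer, rec[1] = return address) has changed. */
__attribute__((noinline))
static char *paranoid_strcpy_at(char *dst, const char *src, void *frame) {
    void *volatile *rec = (void *volatile *)frame;
    void *saved_fp = rec[0], *saved_ret = rec[1];
    size_t i = 0;
    do { dst[i] = src[i]; } while (src[i++] != '\0');
    if (rec[0] != saved_fp || rec[1] != saved_ret)
        paranoid_abort();
    return dst;
}
/* Expanded in the caller, so the frame address is the caller's own. */
#define PARANOID_STRCPY(d, s) paranoid_strcpy_at((d), (s), __builtin_frame_address(0))

/* Deliberately undersized buffer, standing in for a vulnerable daemon. */
__attribute__((noinline))
static int victim(const char *input) {
    char buf[8];
    PARANOID_STRCPY(buf, input);
    return buf[0];
}

/* Run victim() in a child: returns its exit code, or -signal if killed. */
int run_victim(const char *input, int ignore_segv) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (ignore_segv) signal(SIGSEGV, SIG_IGN);
        victim(input);
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

/* Constructed benign input: exit status 0 means victim() returned normally. */
int main(void) { return run_victim("ok", 0); }
```

On architectures where the frame record does not sit directly above the caller's locals, the overflow in `victim` may not reach the words this check compares.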