* [gentoo-user] "DieHard" ? ( hardens against memory errors)
@ 2007-01-01 22:25 7v5w7go9ub0o
From: 7v5w7go9ub0o @ 2007-01-01 22:25 UTC
To: gentoo-hardened@lists.gentoo.org; +Cc: gentoo-user
Anyone using this on a hardened box (e.g. to augment a precompiled,
non-ssp binary, such as OOffice)?
http://www.diehard-software.org/ (Emery Berger, UMass)
"DieHard completely prevents particular memory management errors from
having any effect (these are "double frees" and "invalid frees"). It
dramatically reduces the likelihood of another kind of error known as
"dangling pointer" errors, and lowers the odds that moderate buffer
overflows will have any effect. It prevents certain library-based heap
overflows (e.g., through strcpy), and all but eliminates another problem
known as "heap corruption."
How does DieHard differ from Vista's and OpenBSD's "address space
randomization"?
Address space randomization places large chunks of memory (obtained via
mmap / VirtualAlloc) at different places in memory, but leaves unchanged
the relative position of heap objects. OpenBSD adds quasi-random shuffling
of allocated objects around on a page. DieHard not only completely
randomizes the placement of objects across the entire heap, but also adds
protection from a wide variety of errors."
--
gentoo-user@gentoo.org mailing list
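
Added example, not part of the original message and not DieHard's code: a simplified C sketch of how an allocator of the kind the quoted description covers can place objects at random slots and turn double frees and invalid frees into no-ops. The names (`dh_malloc`, `dh_free`, `dh_live`), the single size class, the fixed 64-slot heap and the use of `rand()` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS 64      /* over-provisioned: at most half the slots are ever live */
#define SLOT_SIZE 32  /* a single size class, for brevity */

static _Alignas(16) unsigned char heap[SLOTS * SLOT_SIZE];
static uint64_t in_use;  /* allocation bitmap, kept outside the heap it describes */
static unsigned live;    /* number of slots currently allocated */

/* Place the object in a randomly chosen free slot (NULL if too big or heap half full). */
void *dh_malloc(size_t n) {
    if (n > SLOT_SIZE || live >= SLOTS / 2) return NULL;
    for (;;) {
        unsigned i = (unsigned)rand() % SLOTS;  /* toy RNG, illustration only */
        if (!(in_use & (1ULL << i))) {
            in_use |= 1ULL << i;
            live++;
            return heap + (size_t)i * SLOT_SIZE;
        }
    }
}

/* Returns 1 if a slot was released, 0 if the call was ignored. */
int dh_free(void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)heap;
    if (a < base || a >= base + sizeof heap) return 0;  /* invalid free: foreign pointer */
    size_t off = a - base;
    if (off % SLOT_SIZE != 0) return 0;                 /* invalid free: interior pointer */
    uint64_t bit = 1ULL << (off / SLOT_SIZE);
    if (!(in_use & bit)) return 0;                      /* double free: slot already free */
    in_use &= ~bit;
    live--;
    return 1;
}

unsigned dh_live(void) { return live; }

int main(void) {
    srand(2007);  /* constructed seed so the run is repeatable */
    char *a = dh_malloc(16), *b = dh_malloc(16);
    int first = dh_free(a), second = dh_free(a), interior = dh_free(b + 1);
    printf("a=%p b=%p\n", (void *)a, (void *)b);
    printf("free(a)=%d, free(a) again=%d, free(b+1)=%d, live=%u\n",
           first, second, interior, dh_live());
    return 0;
}
```

Because the bitmap lives outside the heap and `dh_free` only acts on a slot-aligned pointer whose bit is set, a repeated or bogus free changes no allocator state; the random slot choice is what removes the fixed relative position of heap objects.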