Annotation of dietlibc/README.security, revision 1.1
1.1 ! leitner 1: The diet libc is not especially focused on providing a secure
! 2: environment, but where it is possible to do something, we try to do it.
! 3:
! 4: 1. WANT_STACKGAP in dietfeatures.h
! 5: This will randomize the stack layout slightly. The real memory
! 6: cost is about one page of real memory. The code size increase is
! 7: about 100 bytes, 86 for i386. The benefit is that buffer overflow
! 8: exploits are harder because the address of the buffer fluctuates.
! 9:
! 10: 2. WANT_CRYPT_MD5 in dietfeatures.h
! 11: This will enable MD5 style passwords in crypt(3). The standard
! 12: Unix password mechanism is DES based and thus insecure by today's
! 13: standards. Adding MD5 makes the code larger by some 5k.
! 14:
! 15: 3. WANT_NON_COMPLIANT_STRNCAT in dietfeatures.h
! 16: strncat and strncpy are very user unfriendly. They copy zero
! 17: terminated strings, and you can give them a limit on how much to
! 18: copy, but they will not make sure the result is zero terminated,
! 19: which most programmers who are not familiar with the API would
! 20: expect. So, in the diet libc you can set this #define in
! 21: dietfeatures.h to get the expected behaviour. Since the usual fix
! 22: for the normal behaviour is to write \0 over the last byte of the
! 23: buffer, this usually does not hurt (but is not standards
! 24: compliant).
! 25:
! 26: 4. printf does not support %n.
! 27: %n in printf is the attack vector for format string
! 28: vulnerabilities. Almost nobody uses it anyway (except some part of
! 29: the gcc build process, apparently).
! 30:
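The strncpy case from item 3, as an added example that is not part of the diet libc README or source: it shows standard strncpy leaving an exactly-full buffer unterminated, and the "write \0 over the last byte" fix applied through a wrapper. The helper name copy_forced_nul, the 8-byte buffer and the sample strings are assumptions constructed for illustration; the wrapper does not reproduce diet libc's implementation.

```c
#include <stdio.h>
#include <string.h>

/* 1 if a NUL byte exists within the first n bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Hypothetical helper (not diet libc code): strncpy, then \0 over the
 * last byte of the buffer. Returns 1 if src was truncated, else 0. */
static int copy_forced_nul(char *dest, const char *src, size_t n)
{
    if (n == 0)
        return 1;                 /* no room even for the terminator */
    strncpy(dest, src, n);
    if (dest[n - 1] != '\0') {    /* src had n or more bytes */
        dest[n - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Standard strncpy into an 8-byte buffer pre-filled with 'X', so a
 * missing terminator is observable without reading out of bounds. */
static int standard_terminates(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

/* Same copy through the helper; *truncated reports data loss. */
static int forced_terminates(const char *src, int *truncated)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    *truncated = copy_forced_nul(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

int main(void)
{
    int t, ok = forced_terminates("12345678", &t);
    printf("standard, 8 chars: terminated=%d\n", standard_terminates("12345678"));
    printf("forced,   8 chars: terminated=%d truncated=%d\n", ok, t);
    return 0;
}
```

The forced terminator trades a possible out-of-bounds read for silent truncation, so callers that care about the lost bytes still need the return value.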