Anyone using this on a hardened box (e.g. to augment a precompiled,
non-ssp binary, such as OOffice)?
http://www.diehard-software.org/ (Emery Berger, UMass)
"DieHard completely prevents particular memory management errors from
having any effect (these are "double frees" and "invalid frees"). It
dramatically reduces the likelihood of another kind of error known as
"dangling pointer" errors, and lowers the odds that moderate buffer
overflows will have any effect. It prevents certain library-based heap
overflows (e.g., through strcpy), and all but eliminates another problem
known as "heap corruption."
How does DieHard differ from Vista's and OpenBSD's "address space
randomization"?
Address space randomization places large chunks of memory (obtained via
mmap / VirtualAlloc) at different places in memory, but leaves unchanged
the relative position of heap objects. OpenBSD adds quasi-random shuffling
of allocated objects around on a page. DieHard not only completely
randomizes the placement of objects across the entire heap, but also adds
protection from a wide variety of errors."
--
gentoo-user@gentoo.org mailing list
