Linux Today: Linux News On Internet Time.


VNU Net: Linux boosted by new security software

May 03, 2000, 15:36

By Eric Harlow, VNU Net

Linux security was bolstered last week when Lucent's Bell Labs said that it is releasing free software for the operating system to protect enterprise servers against buffer overflow attacks.

Buffer overflows have been the most common form of computer security vulnerability for the past 10 years, according to the Defense Advanced Research Projects Agency (DARPA).

The software, called Libsafe, stops intruders from deliberately overflowing application memory buffers to gain access to a computer. Linux vendors Red Hat, Mandrake, Turbolinux and Debian are working with Bell to incorporate it into their operating systems. The program can be downloaded from www.bell-labs.com/org/11356/libsafe.html.

A buffer is a section of memory in which applications temporarily store information. Some applications write information to buffers without checking the size of the buffers.

Servers running such applications are most vulnerable to buffer overflows: when too much data is sent to the buffer, it overflows into the adjacent memory section. The overflowing data can write additional commands into an application, effectively hijacking it. Libsafe intercepts calls to vulnerable functions and prevents the overflow.
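The size check that such applications omit, shown as an added example that is not taken from the article or from Libsafe's source. Libsafe intercepts existing library calls; this sketch instead assumes a hypothetical wrapper, guarded_copy, that is told the buffer size explicitly, and a constructed struct whose guard field stands in for the adjacent memory section.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed directly by another
   field, standing in for the "adjacent memory section". */
struct request {
    char name[16];
    unsigned int guard;              /* must survive any copy into name */
};
#define GUARD_VALUE 0x5AFE5AFEu

/* Hypothetical wrapper (not Libsafe's API): copy src into dst only if the
   string plus its terminating NUL fits in dst_cap bytes.
   Returns 0 on success, -1 if the copy was refused. */
int guarded_copy(char *dst, size_t dst_cap, const char *src)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    size_t need = strlen(src) + 1;   /* bytes the copy would write */
    if (need > dst_cap) {
        dst[0] = '\0';               /* leave dst a valid empty string */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Copies input into a fresh request. Returns 0 (copied), -1 (refused),
   or 1 if the adjacent guard field was overwritten. */
int try_copy(const char *input)
{
    struct request r;
    memset(&r, 0, sizeof r);
    r.guard = GUARD_VALUE;
    /* An unchecked strcpy(r.name, input) here would write past name[]
       whenever input is 16 characters or longer. */
    int rc = guarded_copy(r.name, sizeof r.name, input);
    return (r.guard == GUARD_VALUE) ? rc : 1;
}

int main(void)
{
    /* Constructed inputs: short, largest that fits, one too long, far too long. */
    const char *samples[] = { "alice", "exactly15chars!", "sixteen-chars-xx",
                              "this-input-is-far-longer-than-sixteen-bytes" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%2zu chars -> %d\n", strlen(samples[i]), try_copy(samples[i]));
    return 0;
}
```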

Butler Group analyst Andrew Frost said that buffer overflow was still a common problem, and that the only current solution was to manually fix applications, although this required programming skills. "Releasing this on Linux is another tick in the box for deployment as an enterprise server. It will offer greater availability for users. If only we had something like this for NT," he said.

Libsafe will be made available under the GNU public licence.

[ First appeared in Network News ]
