During the last 3 evenings, I worked on ContraPolice, a libc extension for protecting applications from heap-smashing attacks. The idea is simple: when memory is dynamically allocated via malloc(3), so-called decoys are placed around it. Should a heap overflow occur, it is very likely that one of the decoys is overwritten. The decoys are then checked by the libc to see whether they still match, and if they don't, the program is aborted immediately. This means that all the potentially critical library routines like strcpy(3), strcat(3), sprintf(3), etc. are modified so that they do this check before they return. Due to the way ContraPolice manages the allocated memory blocks, it is extremely inefficient. The current implementation is only available for dietlibc, a small libc for Linux. I chose it because it is easy to understand and modify, and very compact. When I have enough time, implementations for other libcs may follow.
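To make the scheme concrete, here is a small added illustration of the decoy mechanism in C. It is not ContraPolice's or dietlibc's code: the `cp_*` names, the block layout and the fixed decoy pattern are all constructed for this example, and where the real design aborts the process on a mismatch, `cp_strcpy` returns NULL so the detection is observable from a caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the scheme described above: every block handed out by
 * cp_malloc() is bracketed by two "decoy" regions, and the wrapped string
 * routine verifies them before it returns.  Added illustration code, not
 * ContraPolice's own implementation. */

#define CP_DECOY_LEN 8

/* Secret decoy pattern.  A real libc would fill this from a random source at
 * process start; a fixed constructed value is used here for determinism. */
static const uint8_t cp_decoy[CP_DECOY_LEN] =
    { 0xC0, 0x17, 0x8A, 0x5E, 0x3D, 0xF1, 0x42, 0x99 };

/* Block layout: [cp_header][user bytes][trailing decoy] */
typedef struct {
    size_t  user_size;
    uint8_t decoy[CP_DECOY_LEN];   /* leading decoy, catches underflows */
} cp_header;

static const cp_header *cp_hdr(const void *user) {
    return (const cp_header *)((const uint8_t *)user - sizeof(cp_header));
}

/* malloc(3) replacement: reserves room for both decoys and fills them in. */
void *cp_malloc(size_t n) {
    cp_header *h = malloc(sizeof *h + n + CP_DECOY_LEN);
    if (h == NULL) return NULL;
    h->user_size = n;
    memcpy(h->decoy, cp_decoy, CP_DECOY_LEN);
    uint8_t *user = (uint8_t *)(h + 1);
    memcpy(user + n, cp_decoy, CP_DECOY_LEN);   /* trailing decoy */
    return user;
}

/* Returns 1 if both decoys still match, 0 if either was overwritten. */
int cp_intact(const void *user) {
    const cp_header *h = cp_hdr(user);
    const uint8_t *trail = (const uint8_t *)user + h->user_size;
    return memcmp(h->decoy, cp_decoy, CP_DECOY_LEN) == 0 &&
           memcmp(trail, cp_decoy, CP_DECOY_LEN) == 0;
}

/* strcpy(3) as the scheme would wrap it: copy, then verify the destination
 * block's decoys.  The real design aborts on a mismatch; this toy returns
 * NULL instead so the failure can be checked by the caller. */
char *cp_strcpy(char *dst, const char *src) {
    strcpy(dst, src);
    if (!cp_intact(dst)) {
        fprintf(stderr, "ContraPolice: heap overflow detected in strcpy\n");
        return NULL;
    }
    return dst;
}

/* free(3) replacement: re-checks the decoys before releasing the block. */
void cp_free(void *user) {
    if (user == NULL) return;
    if (!cp_intact(user))
        fprintf(stderr, "ContraPolice: corrupted block passed to free\n");
    free((void *)cp_hdr(user));
}

/* Walks both cases: a copy that fits, and one that overruns by exactly the
 * width of the trailing decoy (so the write stays inside the allocation).
 * Returns 1 if the scheme behaved as described. */
int cp_demo(void) {
    int ok = 1;
    char *a = cp_malloc(8);
    ok &= (cp_strcpy(a, "hello") != NULL) && cp_intact(a);
    cp_free(a);

    char *b = cp_malloc(8);
    /* 15 characters + NUL = 16 bytes: 8 fit, 8 spill into the trailing decoy */
    ok &= (cp_strcpy(b, "0123456789abcde") == NULL) && !cp_intact(b);
    cp_free(b);   /* the real libc would already have aborted here */
    return ok;
}

int main(void) {
    return cp_demo() ? 0 : 1;
}
```

Note the cost the paragraph alludes to: every wrapped routine must locate the block header and compare both decoys on each call, which is where the overhead of the real implementation comes from.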