A Buffer overflows is a serious security problem. It allows an attacker to inject executable code of their choice into an already-running application. This ability to run arbitrary code at certain memory addresses is dangerous as attacker being able to execute the instructions from anywhere in memory.
To protect bufferoverflow security vulnerabilities use diehard
With such problems in mind, Berger created a new program that prevents crashing and makes users safer, he says. Dubbed DieHard, there are versions for programs that run in Windows or Linux. DieHard is available free for non-commercial users at www.diehard-software.org.
DieHard protects applications from as-yet unfixed bugs and security vulnerabilities that exploit them. Think of DieHard as a new line of defense against hackers, together with anti-virus protection and firewalls.
DieHard library helps buggy programs run correctly and protects them from a range of security vulnerabilities. It works under
=> Microsoft Windows
=> Solaris UNIX operating systems
It supports almost any application for Linux and Solaris, DieHard currently protects Firefox on Windows XP and Vista - to use with Vista, right-click on the desktop shortcut, and set the Properties so it runs in Windows XP SP2 compatibility mode. DieHard works with Firefox versions 220.127.116.11 and higher, and 18.104.22.168.
Under desktop Linux you may need to protect popular program such as Mozilla Firefox.
How do I use diehard software under Linux?
First download diehard software using wget command:
$ wget 'http://www.cs.umass.edu/%7Eemery/diehard/download/1.0.1/diehard-1.0.1-linux.tar.gz'
Make an installation directory:
$ mkdir diehard
$ tar -zxvf diehard-1.0.1-linux.tar.gz -C diehard
Setup LD_PRELOAD variable to protect binaries
A dynamic linker is the part of an operating system (OS) that loads and links the shared libraries for an executable when it is run. ld-linux.so is default dynamic linker on Linux (ld.so on BSD). Use LD_PRELOAD environment variable to instructs the loader to load additional libraries into a program, beyond what was specified when it was compiled. This way you can load protection provided by diehard software.
Append following line in /etc/profile or ~/.bash_profile file
$ vi ~/.bash_profile
Append LD_PRELOAD with the full path to the interposer library:
Save and close the file. You can also type command at shell prompt:
Now start application such as Firefox or other application:
$ fiefox &
$ mozilla-thunderbird &
NOTE: Replace /home/vivek with your actual home directory name.
Verify that libdiehard.so is working for you with lsof command
$ lsof | grep libdiehard.so
startx 4386 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so xinit 4397 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so firefox 4600 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so run-mozil 4603 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so firefox-b 4608 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so lsof 4621 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so grep 4622 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so lsof 4623 vivek mem REG 3,65 215612 2150782 /home/vivek/dirhard/libdiehard.so
How do I uninstall this program?
Simply remove export command from your .bash_profile or /etc/profile file. Delete all libdiehard.* files. Reboot the system.
How do I secure Windows XP Firefox version?
Download and install this software to protect Mozilla / Firefox on Windows.
Please note that Exec Shieldproject does almost same thing. It reduces the risk of worm or other automated remote attacks on Linux server systems. It can make the exploitation of several types of security vulnerabilities much more difficult. Update: See below for more information.
Updated for accuracy and additional content.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop