  About site: http://www.xmailserver.org/gmm.html

Title: Guarded Memory Move (GMM). The GMM library can be used to prevent and study buffer overflow exploits.
This is websites2007.org cache of m/ as retrieved on 2008.10.11. websites2007.org's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time.
Guarded Memory Move (GMM) Home Page

The Guarded Memory Move tool comes in handy when you have to study buffer overflows and you need to catch them together with a "good" stack image. When a stack overflow has been exploited, the back trace is already gone, together with the information about parameters and local variables that is of vital importance when trying to understand how the attacker is trying to work out the exploit. The GMM library uses dynamic function call interception to catch the most common functions that are used by attackers to exploit stack buffers.

The GMM library uses the LD_PRELOAD capability and offers two services to the user. First of all, it prevents a buffer overflow from allowing the attacker to execute shell-code on your machine. Second, when an exploit is detected, the stack content is saved and a segmentation fault is triggered. The resulting core dump will then have all the necessary information to debug the exploit and fix the software.

Internally, the library inserts itself between the application and the glibc library and intercepts functions that might lead to buffer overflow exploits. Before calling the glibc core function, the GMM layer saves part of the stack frame above the caller to a temporary location in its frame. It also stores the previous three return addresses in its local storage before calling the glibc core function. When the core function returns, the GMM code samples the previously recorded return addresses again and, if they differ, it restores the previously saved stack frame and issues a segmentation fault. The fault is raised with a clean stack frame, so that it can be inspected with a debugger.

While other solutions exist to detect buffer overflow exploits, for example StackGuard and StackShield, those differ from GMM in many ways. They live as gcc patches and require you to rebuild your application to use their functionality. The good of this approach is that every single function is protected against buffer overflows.
The bad of this solution is that every single function is protected against buffer overflows. That is, performance regression on the whole application, even if this is not really a huge problem when hunting for buffer overflows. Another solution similar to GMM is LibSafe, but it does not save and restore the stack frame, which makes it unusable for debugging.

But let's see how GMM differs from the above listed solutions. First of all, GMM works everywhere there are stack frames and the gcc and glibc duo. That means that it is not limited to i386 only. And now the real reason for GMM's existence. This is what a stack frame looks like when a buffer overflow is detected with any debugger or the above solutions:

    [davide@bigblue test]$ gdb -c core.14600 gmm-test
    GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
    Copyright 2003 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-redhat-linux-gnu"...
    Core was generated by `./gmm-test uiyueiwyeowyreoywoeywoewoyrowuruowyeouwyeoqwyeowyeoyruowuoewueywewou'.
    Program terminated with signal 11, Segmentation fault.
    Reading symbols from /lib/libc.so.6...done.
    Loaded symbols for /lib/libc.so.6
    Reading symbols from /lib/ld-linux.so.2...done.
    Loaded symbols for /lib/ld-linux.so.2
    #0 0x776f6579 in ?? ()
    (gdb) bt
    #0 0x776f6579 in ?? ()
    Cannot access memory at address 0x77716f65
    (gdb)

This buffer overflow is generated using the test application available inside the test directory of the distribution package. Not much useful information is there, and basically no debugging is possible with the above information.
Let's look at how the stack frame looks when GMM is in the loop:

    [davide@bigblue test]$ gdb -c core.14604 gmm-test
    GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
    Copyright 2003 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-redhat-linux-gnu"...
    Core was generated by `./gmm-test uiyueiwyeowyreoywoeywoewoyrowuruowyeouwyeoqwyeowyeoyruowuoewueywewou'.
    Program terminated with signal 11, Segmentation fault.
    Reading symbols from ../gmm/.libs/libgmm.so...done.
    Loaded symbols for ../gmm/.libs/libgmm.so
    Reading symbols from /lib/libc.so.6...done.
    Loaded symbols for /lib/libc.so.6
    Reading symbols from /lib/libdl.so.2...done.
    Loaded symbols for /lib/libdl.so.2
    Reading symbols from /lib/ld-linux.so.2...done.
    Loaded symbols for /lib/ld-linux.so.2
    #0 0x400185d4 in sprintf (str=0xbffff840 "ÀÂ", fmt=0x8048464 "%s") at gmm.c:243
    243    WRAP_VFUNCTION(int, sprintf, (char *str, const char *fmt, ...), fmt, (str, fmt, args))
    (gdb) bt
    #0 0x400185d4 in sprintf (str=0xbffff840 "ÀÂ", fmt=0x8048464 "%s") at gmm.c:243
    #1 0x08048376 in do_overflow (str=0xbffffa44 "uiyueiwyeowyreoywoeywoewoyrowuruowyeouwyeoqwyeowyeoyruowuoewueywewouew") at gmm-test.c:33
    #2 0x08048396 in run_test (str=0xbffffa44 "uiyueiwyeowyreoywoeywoewoyrowuruowyeouwyeoqwyeowyeoyruowuoewueywewouew") at gmm-test.c:41
    #3 0x080483b3 in main (argc=2, argv=0x390d) at gmm-test.c:51
    #4 0x40043ab7 in __libc_start_main () from /lib/libc.so.6
    (gdb)

A lot better, isn't it? The whole stack frame is preserved, and debugging and inspection of function parameters and local variables is possible. This is the main reason that drove the GMM development.
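The save, compare and restore sequence described above can be modelled on a simulated stack held in a byte array. This is an added example, not GMM's own code: the names sim_init, load_ret and guarded_strcpy and the slot layout are assumptions, and the three return-address values are frames #1 to #3 of the backtrace shown above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 128               /* simulated stack; higher offset = older frame */
#define NRET 3                       /* GMM watches the previous three return addresses */
#define RET_OFF(i) (32 * ((i) + 1))  /* constructed layout: slots at 32, 64, 96 */

/* Buffer at offset 0; slot values are frames #1..#3 of the page's backtrace. */
void sim_init(unsigned char *mem)
{
    static const uintptr_t ret[NRET] = { 0x08048376u, 0x08048396u, 0x080483b3u };
    memset(mem, 0, STACK_SIZE);
    for (int i = 0; i < NRET; i++)
        memcpy(mem + RET_OFF(i), &ret[i], sizeof ret[i]);
}

uintptr_t load_ret(const unsigned char *mem, int i)
{
    uintptr_t v;
    memcpy(&v, mem + RET_OFF(i), sizeof v);
    return v;
}

/* 0: return addresses intact; -1: overwrite detected, saved frame put back. */
int guarded_strcpy(unsigned char *mem, size_t dst_off, const char *src)
{
    unsigned char saved[STACK_SIZE];
    uintptr_t before[NRET];
    size_t span = STACK_SIZE - dst_off, n = strlen(src) + 1;
    for (int i = 0; i < NRET; i++) before[i] = load_ret(mem, i);
    memcpy(saved, mem + dst_off, span);               /* snapshot the frame */
    memcpy(mem + dst_off, src, n < span ? n : span);  /* unchecked-copy stand-in */
    for (int i = 0; i < NRET; i++)
        if (load_ret(mem, i) != before[i]) {
            memcpy(mem + dst_off, saved, span);       /* restore the clean frame */
            return -1;                                /* GMM segfaults at this point */
        }
    return 0;
}

int main(void)
{
    unsigned char mem[STACK_SIZE];
    char big[71] = { 0 };
    memset(big, 'A', sizeof big - 1);                 /* 70 bytes: crosses two slots */
    sim_init(mem);
    int ok = guarded_strcpy(mem, 0, "short"), bad = guarded_strcpy(mem, 0, big);
    printf("short=%d long=%d ret[0]=%#lx\n", ok, bad, (unsigned long)load_ret(mem, 0));
    return 0;
}
```

After the oversized copy the buffer holds its pre-call content again, which is why `str` in frame #0 of the GMM core dump shows stale bytes rather than the attacker's string.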
It is possible to use the environment variable GMM_FAULT_EXEC to specify the path of an executable to be run when a fault is detected. The executable will be run with only one parameter, that is, the PID of the monitored process. The monitored process will wait for the external process to complete before continuing the execution (which will lead to a segmentation fault). GMM_FAULT_EXEC can be used for many purposes, from sending an email notification to running a debugger that attaches to the faulting process.

For the GMM library to work, the software should be compiled with frame pointers (that is the gcc default) and, for the stack dump to be useful, debugging information should be included inside the binary (gcc -g). There is a little performance regression in using this library, but it should not impact at all the normal use of the executable. And, when you are hunting for exploits, you don't really care about performance.

To use the library, you first have to build it:

    $ ./configure (put any configure parameters here)
    $ make
    # make install

To use the library you have to add it to LD_PRELOAD in your environment (or put it on the same command line you're using to run the binary). Example:

    $ LD_PRELOAD=/usr/local/lib/libgmm.so XXXX ...

where XXXX is the path of the binary you want to monitor. You might want to be sure that your core dump limit is not set to zero by issuing:

    $ ulimit -c NNNN

where NNNN is the maximum size of the core dump in Kb.

Software

The latest package source code is available here: GMM 0.6

Links

GMM White Paper
GMM Home Page at FreshMeat
StackGuard
StackShield
LibSafe
Author Home Page
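A handler for the GMM_FAULT_EXEC hook described above, as an added example that is not part of the GMM distribution: it relies only on the stated contract (one argument, the PID, with the monitored process blocked until the handler exits) and records the command line and memory map from /proc next to the core dump. The function names and the report location are assumptions, and it assumes a Linux /proc and a handler running as the same user as the monitored process.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Append /proc/<pid>/<name> to out, turning NULs (cmdline separators) into
 * spaces. Returns the number of bytes copied, or -1 if the file is unreadable. */
static long append_proc_file(pid_t pid, const char *name, FILE *out)
{
    char path[64];
    long total = 0;
    int c;
    snprintf(path, sizeof path, "/proc/%ld/%s", (long)pid, name);
    FILE *in = fopen(path, "r");
    if (!in) return -1;
    fprintf(out, "== %s ==\n", name);
    while ((c = fgetc(in)) != EOF) { fputc(c ? c : ' ', out); total++; }
    fputc('\n', out);
    fclose(in);
    return total;
}

/* Writes the report to a fresh file created from tmpl (a mkstemp template, so
 * the name is unpredictable and the mode is 0600). Returns bytes captured or -1. */
long snapshot_process(pid_t pid, char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    FILE *out = fdopen(fd, "w");
    if (!out) { close(fd); return -1; }
    long a = append_proc_file(pid, "cmdline", out);
    long b = append_proc_file(pid, "maps", out);
    if (fclose(out) != 0 || a < 0 || b < 0) return -1;
    return a + b;
}

int main(int argc, char **argv)
{
    char tmpl[] = "/tmp/gmm-fault-XXXXXX", *end;   /* assumed report location */
    if (argc != 2) return 2;
    long pid = strtol(argv[1], &end, 10);
    if (*end != '\0' || pid <= 0) return 2;        /* accept nothing but a PID */
    long n = snapshot_process((pid_t)pid, tmpl);
    if (n >= 0) fprintf(stderr, "gmm fault pid %ld: %ld bytes in %s\n", pid, n, tmpl);
    return n < 0;
}
```

The memory map is worth keeping because it is gone once the process exits, and it is what lets you match addresses in the core dump to the libraries that were loaded.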
 
