2fadfa2cfb
e-mail addresses from the pkg-descr file that could reasonably be mistaken for maintainer contact information in order to avoid confusion on the part of users looking for support. As a pleasant side effect this also avoids confusion and/or frustration for people who are no longer maintaining those ports.
21 lines
915 B
Text
21 lines
915 B
Text
This is a library, which contains a safe reincarnations
|
|
of strcpy/strcat/sprintf and some other functions,
|
|
which is known to be a source to 99% of stack smashing
|
|
attacks since Morrison Worm.
|
|
|
|
Basic idea is: these functions never return in case
|
|
of modified stack frames. Instead, they kills current
|
|
process with SIG_SEGV, and, in case when program
|
|
just ignores it - calls exit(2). In 'paranoidal'
|
|
point of view, termination of a process is a much
|
|
less worth, than possible incorrect continuation.
|
|
|
|
This library can be used in two ways - you can just
|
|
install it as a port/package, and then relink critical
|
|
applications (such as a network daemons) with
|
|
-lparanoia -L/usr/local/lib, or you can override
|
|
standard functions in libc (using libparanoia/copy-to-libc
|
|
shell script) - in this case you'll get any application,
|
|
which uses shared libc, automatically protected.
|
|
|
|
WWW: http://www.lexa.ru/snar/libparanoia/
|