Bell Labs GPLs Linux software that fights security attacks
Apr 21, 2000 — by LinuxDevices Staff — from the LinuxDevices Archive
Murray Hill, NJ — (press release) — Bell Labs announced today that it is releasing free Linux software that foils the most common form of computer security attack. Lucent's Libsafe software prevents electronic intruders from overflowing an application program's buffer memory to gain unauthorized access to a computer.
Buffer overflows have been the most common form of computer security vulnerability exploited by intruders for the past 10 years, according to a recent report published by the Oregon Graduate Institute of Science & Technology (OGI) and funded in part by the Defense Advanced Research Projects Agency (DARPA).
Linux distributors Red Hat, Inc., Linux-Mandrake, Turbolinux and Debian GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into their software releases. Bell Labs is making Libsafe freely available under the GNU Library General Public License. Users and developers who would like further information and the Libsafe source code can find it here.
A buffer is a region of computer memory that application programs use to temporarily store information. Programs that write information to buffers without properly checking the size of the buffers are potentially vulnerable to security attacks. Such attacks cause an inordinately large amount of data to be written, overwriting the memory immediately following the buffer region. The overflow injects additional code into an application program and then hijacks control of that program to execute the injected code. Lucent's Libsafe software intercepts and monitors the use of vulnerable standard functions and prevents buffer overflow hijackings.
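A simplified model of the interception idea described above, as an added example that is not Libsafe's or Bell Labs' code: `guarded_strcpy`, `frame_model` and the choice of bound are hypothetical, and the page does not say how Libsafe computes its limit. The wrapper refuses any copy that would reach the control data stored after the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: a local buffer followed by the
 * control data an overflow would overwrite. The layout is illustrative. */
struct frame_model {
    char      buf[16];
    uintptr_t saved_frame_ptr;
    uintptr_t return_addr;
};

/* Hypothetical stand-in for an intercepted strcpy(). `limit` is the first
 * byte the copy must never reach. Returns 0 on success, -1 if refused. */
static int guarded_strcpy(char *dst, const char *limit, const char *src)
{
    if (dst == NULL || src == NULL || limit <= dst)
        return -1;
    size_t room = (size_t)(limit - dst);
    /* Look for the terminator within the available room only. */
    const char *nul = memchr(src, '\0', room);
    if (nul == NULL)
        return -1;                       /* string plus NUL would not fit */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Copies `input` into the model frame through the guard; sets *refused and
 * returns 1 if the saved frame pointer and return address are unchanged. */
static int frame_survives(const char *input, int *refused)
{
    struct frame_model f = { "", 0x11111111u, 0x22222222u };
    const char *limit = (const char *)&f.saved_frame_ptr;
    *refused = guarded_strcpy(f.buf, limit, input) != 0;
    return f.saved_frame_ptr == 0x11111111u && f.return_addr == 0x22222222u;
}

int main(void)
{
    int refused;
    int intact = frame_survives("short input", &refused);
    printf("fits:     refused=%d intact=%d\n", refused, intact);
    /* Constructed oversized input: 32 bytes into a 16-byte buffer. */
    intact = frame_survives("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", &refused);
    printf("too long: refused=%d intact=%d\n", refused, intact);
    return 0;
}
```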
“Red Hat is pleased that Bell Labs is participating in the on-going development of the Linux platform,” said Paul McNamara, VP of Business Development, Red Hat. “Innovations like Libsafe will continue to expand Linux' leading position as the preferred platform for Internet infrastructure.”
“In the current context where security has become a major concern, this innovation further improves the security of the Linux-Mandrake system and meets the expectations of today's users,” said Jacques Le Marois, president of MandrakeSoft.
“TurboLinux is focused on delivering secure Linux solutions to our customers in the enterprise,” said Steve Quan, senior director of product marketing, TurboLinux. “Lucent Libsafe is an important step forward in securing Linux for the enterprise.”
“Debian treats system security very seriously, and works hard to discover and eliminate security exposures in the free and open-source software we distribute; the Libsafe package adds additional protection against undiscovered exploits in poorly-designed programs, and is therefore beneficial to Debian GNU/Linux users,” said David Coe, one of the developers of Debian Linux.
Libsafe does not require access to the source code of the application programs and protects all application programs running on a system. Bell Labs' tests indicate that Libsafe's effect on a computer's performance is negligible.
It is generally accepted that the best solution to buffer overflow attacks is to fix the original defects in programs. However, this requires knowing that a particular program is defective. Libsafe helps protect programs that are not yet known to be vulnerable.
About Bell Labs (www.bell-labs.com)
Bell Labs is celebrating its 75th anniversary this year. One of the most innovative R&D entities in the world, Bell Labs has generated more than 40,000 inventions since 1925. It has played a pivotal role in inventing and perfecting key communications technologies for most of the 20th century, including transistors, digital networking and signal processing, lasers and fiber-optic communications systems, communications satellites, cellular telephony, electronic switching of calls, touch-tone dialing, and modems. Today, Bell Labs continues to be a haven for some of the best scientific minds. With more than 30,000 employees located in 25 countries, it is the largest R&D organization in the world dedicated to communications and the world's leading source of new communications technologies. For more information on Bell Labs, visit www.bell-labs.com.
About Lucent Technologies (www.lucent.com)
Lucent Technologies, headquartered in Murray Hill, NJ, USA, designs and delivers the systems, software, silicon and services for next-generation communications networks for service providers and enterprises. Backed by the research and development of Bell Labs, Lucent focuses on high-growth areas such as optical and wireless networks; Internet infrastructure; communications software; communications semiconductors and optoelectronics; Web-based enterprise solutions that link private and public networks; and professional network design and consulting services.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.