Re: announcing libwipe

[Kees Cook <kees () ubuntu com>]

On Sat, Mar 12, 2011 at 01:29:13AM -0500, Andrew Clausen wrote:
> to the original programs.  To use it for all programs in a single shell
> session, set the LD_PRELOAD environment variable with the shell command
>
>         export LD_PRELOAD=/usr/local/lib/libwipe.so
>
> To use it system-wide, add /usr/local/lib/libwipe.so to the /etc/ld.so.preload
> configure file.
>
> The program uses two mechanisms:
> (1) when memory is deallocated with free(3), it is zeroed out.
> (2) when the process terminates, the entire memory is zeroed out.

Cool, thanks for the announcement.

#1 can also be done using glibc's $MALLOC_PERTURB_ environment variable (it
initializes memory with new() to its value, and then fills memory with the
inverse on free(). For example, "export MALLOC_PERTURB_=85" will get you an
alternating bit pattern.

Feature #2, however, is not handled by MALLOC_PERTURB_, and there isn't a
particularly good way I've found to set MALLOC_PERTURB_ globally, unlike
the /etc/ld.so.preload example for libwipe.

If libwipe grew similar bit-pattern handling for new(), it could be used
for similar purposes (trying to ferret out use-after-free or
use-before-init bugs in general).

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team