Category: Replacement » Libraries
Passcheck is a drop-in replacement or rewrite of the original cracklib, and shares no code with the original. It features an enhanced dictionary check, and the ability to use the standard system wordlist.
The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks in recent years. We present a new method to detect and handle such attacks. In contrast to previous work, our method does not require any modification to the operating system and works with existing binary programs. Our method does not require access to the source code of defective programs, nor does it require recompilation or off-line processing of binaries.
distribuNet is a mid-level statically linked C library for cross-platform distributed networking applications. The library operates almost exactly like th Berkeley socket libraries that it wraps. The library has been compiled and tested on Linux 2.2 and Linux 2.0 with g++. All programs built with the library must use g++ as well, since it takes advantage of some of the C++ gcc modules.
The file msystem.c contains a version of system(3), popen(3), and pclose(3) that provide considerably more security than the standard C functions. They are named msystem, mpopen, and mpclose, respectively. While I don't guarantee them to be PERFECTLY secure, they do constrain the environment of the child quite tightly, tightly enough to close the obvious holes.
This is the 3rd enhanced portmapper release. The code compiles fine with SunOS 4.1.x, Ultrix 4.x and ESIX System V release 4.0, but it will work with many other UNIX flavors. Tested with SunOS 4.1.1; an earlier version was also tested with Ultrix 3.0. SysV.4 uses a different program that the portmapper, however; rpcbind is the name, and it can do much more than the old portmapper. This is a portmapper replacement with access control in the style of the tcp wrapper (log_tcp) package. It provides a simple mechanism to discourage access to the NIS (YP), NFS, and other services registered with the portmapper. In some cases, better or equivalent alternatives are available. The SunOS portmap that is provided with patch id100482-02 should close the same security holes. In addition, it provides NIS daemons with their own access control lists. This is better than just portmapper access control. The "securelib" shared library (eecs.nwu.edu:/pub/securelib.tar) implements access control for all kinds of (RPC) services, not just the portmapper. Reportedly, Irix 4.0.x already has a secured portmapper. However, many vendors still ship portmap implementations that allow anyone to read or modify its tables and that will happily forward any request so that it appears to come from the local system.
The securelib package by William LeFebvre. Provides a replacement shared library from SunOS 4.1.x systems that offers new versions of the accept, recvfrom, and recvmsg networking system calls. These calls are compatible with the originals, except that they check the address of the machine initiating the connection to make sure it is allowed to connect, based on the contents of the configuration file. The advantage of this approach is that it can be installed without recompiling any software.
The Open JCE Project for JavaTM is a clean room implementation of the JavaTM Cryptography Extension (JCE) API as defined by Sun MicrosystemsTM, plus a provider of underlying crypto algorithms. This JCE is based on the early access beta2 version of the JCE as available from the Java Developer ConnectionTM early access area. Since the Sun JCE is written for JDK 1.2, there are three versions of the library included. One which is compatible with JDK 1.02, one with JDK 1.1 and one with JDK 1.2 (tested against JDK 1.2fcs). The complete source for each library is also included.
Browse by category