[CrackMonkey] [farber@cis.upenn.edu: IP: Re: Libsafe]
Seth David Schoen
schoen at loyalty.org
Sun Apr 23 13:25:38 PDT 2000
(Gar.)
----- Forwarded message from Dave Farber <farber at cis.upenn.edu> -----
Date: Sun, 23 Apr 2000 16:20:25 -0400
To: ip-sub-1 at majordomo.pobox.com
From: Dave Farber <farber at cis.upenn.edu>
Subject: IP: Re: Libsafe
>X-Sender: brett at localhost
>X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
>Date: Sun, 23 Apr 2000 11:02:58 -0600
>To: farber at cis.upenn.edu, ip-sub-1 at majordomo.pobox.com
>From: Brett Glass <brett at lariat.org>
>Subject: Re: IP: Libsafe
>
>Whew!
>
>At first, I was alarmed by this posting. If the library were indeed released
>under the "GNU General Public License," it would have been a tragedy, as
>it would have been infeasible for developers of commercial application
>programs to use it. (The incorporation of a library covered by the GPL forces
>the developer to reveal all of the source code of his application and,
>essentially, to forfeit any chance he may have to profit from licensing the
>code.)
>
>Fortunately, the posting was not correct. According to the page at
>http://www.bell-labs.com/org/11356/libsafe.html, the code for the Libsafe
>library was actually released under the "GNU Library GPL," which does not
>carry this onerous restriction. While Richard Stallman has attempted to
>deprecate the LGPL (he recently attempted to rename it the "lesser GPL"
>because it is not as hostile to commercial and closed source developers'
>interests as the GPL), it is closer to the correct licensing scheme for this
>product though it also poses some problems.
>
>The best licensing scheme for this product would have been the MIT X license
>or BSD license, because it would have permitted commercial development of
>improved versions of the library and would have allowed the code and its
>features to be built directly into the code of commercial operating systems.
>The LGPL, unfortunately, precludes this and thus may hinder the spread of
>this useful technology.
>
>Hopefully, AT&T will reconsider its decision to use the LGPL and will release
>the code under the MIT X license (as it has done with some other software).
>This would allow the code to be incorporated directly into Microsoft's
>operating systems (which, Heaven knows, could use it!) as well as worthy
>alternative operating systems such as BeOS, QNX, etc.
>
>--Brett Glass
>
>At 05:44 AM 4/23/2000, David Farber wrote:
>
> >http://www.wideopen.com/story/762.html
> >
> >Upshot:
> >
> >Released under the General Public License, Libsafe is designed to
> >protect against the most common type of security attack.
> >
> >
> >
> >
> >Wider:
> >
> >* Libsafe Source Code
> >* StackGuard Compile
> >Bell Labs, the R&D arm of Lucent Technologies, announced Thursday that
> >it has released Libsafe, a new security software program for Linux.
> >Libsafe prevents intruders from overloading an application's buffer
> >memory to gain unauthorized access to a computer. (Located between two
> >devices that have varying speeds for handling data, a buffer acts as a
> >temporary storage unit or "dam," holding data and then disseminating it
> >at a rate that will not flood the "lower banks.") According to a joint
> >report by the Oregon Graduate Institute of Science and Technology and
> >Darpa, buffer overflows or "stack-smashing attacks" have been the most
> >common type of security exploit during the past 10 years.
----- End forwarded message -----
--
Seth David Schoen <schoen at loyalty.org> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5