
FormatGuard: Automatic Protection From printf Format String Vulnerabilities

In June 2000, a major new class of vulnerabilities called "format bugs" was discovered when a vulnerability in WU-FTP appeared that acted almost like a buffer overflow, but wasn't. Since then, dozens of format string vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our proposed solution. FormatGuard is a small patch to glibc that provides general protection against format bugs. We show that FormatGuard is effective in protecting several real programs with format vulnerabilities against live exploits, and we show that FormatGuard imposes minimal compatibility and performance costs.

Matt Barringer, WireX Communications, Inc.

Mike Frantzen, Purdue University

Jamie Lokier, CERN

BibTeX
@inproceedings {270910,
author = {Matt Barringer and Mike Frantzen and Jamie Lokier},
title = {{FormatGuard}: Automatic Protection From printf Format String Vulnerabilities},
booktitle = {10th USENIX Security Symposium (USENIX Security 01)},
year = {2001},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/10th-usenix-security-symposium/formatguard-automatic-protection-printf-format-string},
publisher = {USENIX Association},
month = aug
}

Links

Paper: http://www.usenix.org/events/sec01/full_papers/cowanbarringer/cowanbarringer.pdf