FormatShield is a library that intercepts calls to vulnerable functions and uses binary rewriting to defend against format string attacks. It identifies the vulnerable call sites in a running process and dumps the corresponding context information into the ELF binary of the process. Attacks are detected when format specifiers are found at these contexts of the vulnerable call sites.
FormatShield provides wrappers for the following libc functions:
On detecting an attack, the victim process is killed and a log is written to syslog. More details about the inner workings of FormatShield are available in the research paper.
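The detection rule described above can be modelled in a few lines of C. This is an added sketch, not FormatShield's own code: the integer context id, the `writable` flag, the in-memory table and the rule for marking a context (a writable format string with no specifiers was seen there) are assumptions made for the example, and the sketch returns a verdict instead of killing the process.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CTX 64
enum verdict { ALLOW, MARKED, ATTACK };

/* Hypothetical in-memory table of call-site contexts marked vulnerable. */
static unsigned long vuln_ctx[MAX_CTX];
static size_t vuln_count;

/* True if fmt holds a conversion directive; "%%" is a literal percent sign. */
bool has_format_specifier(const char *fmt)
{
    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        if (fmt[1] == '%') { fmt++; continue; }
        return true;               /* %x, %s, %n, ... or a dangling '%' */
    }
    return false;
}

static bool ctx_known(unsigned long ctx)
{
    for (size_t i = 0; i < vuln_count; i++)
        if (vuln_ctx[i] == ctx)
            return true;
    return false;
}

/* ctx: id of the calling context (assumed); writable: fmt is not a constant. */
enum verdict check_call(unsigned long ctx, const char *fmt, bool writable)
{
    if (!writable)
        return ALLOW;              /* constant format string in the binary */
    if (has_format_specifier(fmt))
        return ctx_known(ctx) ? ATTACK : ALLOW;
    if (!ctx_known(ctx)) {
        if (vuln_count == MAX_CTX)
            return ALLOW;          /* table full: context is not tracked */
        vuln_ctx[vuln_count++] = ctx;
    }
    return MARKED;                 /* plain data reached the format argument */
}

int main(void)
{
    printf("%d\n", check_call(0x2000, "plain user text", true)); /* 1: MARKED */
    printf("%d\n", check_call(0x2000, "%x %x %n", true));        /* 2: ATTACK */
    return 0;
}
```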
FormatShield source is licensed under GNU GPL v3 and is archived on GitHub. It is available only for testing/research; please use it at your own risk.