Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Part 2 - page 2
Existing Solutions to Buffer Overflow Exploits
The mandatory access control implemented in DSM is not limited to the traditional two levels of security: root and user. Rather, the security policy, which is independent from the implementation, decides the access rights of the executing process. DSM is based on the LSM infrastructure. The LSM framework does not provide any extra security in the Linux kernel. Rather, it provides the infrastructure to support the development of security modules. The LSM kernel patch adds security fields to kernel data structures and inserts calls (called hooks) at special points in the kernel code to perform a module-specific access control checks.
We will come back to our example in Part 1's Listing 4 where we tried to spawn the shell with root privileges. In order to do this, the buffer overflow program must call the system call
Figure 1 provides an overview of how the Linux kernel interacts with the DSM module to prevent the buffer overflow exploits. When the vulnerable process performs the
execve system call , the hook will pass the control to DSM . DSM, based on the loaded policy , will grant or reject the access. In our case, we want to prove that DSM will stop executing the cracked program.
So how do we accomplish this?