The mandatory access control implemented in DSM is not limited to the traditional two levels of security: root and user. Rather, the security policy, which is independent from the implementation, decides the access rights of the executing process. DSM is based on the LSM infrastructure. The LSM framework does not provide any extra security in the Linux kernel. Rather, it provides the infrastructure to support the development of security modules. The LSM kernel patch adds security fields to kernel data structures and inserts calls (called hooks) at special points in the kernel code to perform a module-specific access control checks.

We will come back to our example in Part 1's Listing 4 where we tried to spawn the shell with root privileges. In order to do this, the buffer overflow program must call the system call execve.

Figure 1 provides an overview of how the Linux kernel interacts with the DSM module to prevent the buffer overflow exploits. When the vulnerable process performs the execve system call [1], the hook will pass the control to DSM [2]. DSM, based on the loaded policy [3], will grant or reject the access. In our case, we want to prove that DSM will stop executing the cracked program.

So how do we accomplish this?

Next: DSM Preventing Buffer Overflow Exploits »