Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Part 2 - page 4
Existing Solutions to Buffer Overflow Exploits
Buffer overflow exploits are one of the most interesting security vulnerabilities and are used in a majority of security attacks against Linux and UNIX-like operating systems. DSM guards against such exploits and it is implemented as a Linux module. DSM also provides many other features such as transparently controlling the access in the distributed environment of Linux clustered servers.
There are some notes which should be taken into consideration as well:
- There have been a lot of changes in the implementation of DSI from 0.1 to 0.2 then to 0.3 now and to the unstable 0.4. Therefore please make sure to read the documentation provided with DSI to ensure that what you are trying to experiment is valid for the version of DSI that you are using.
- To get more information, please visit DSI/DigSig Project and subscribe to the DSI mailing list.
In Parts 1 and 2 of this article, we presented and demonstrated that mandatory access control implemented in DSM can prevent against buffer overflow exploits. The security mechanisms were implemented in different levels of the executing system. Because there are many existing applications that are vulnerable to the buffer overflow exploits, one of our goals with DSM was to make the security transparent to the applications so even the existing programs can be secured without any modifications. The DSM source code is provided as open source and is available for download from the DSI web site.