Preventing Buffer Overflow Exploits, Part 2 Page 3
Buffer overflow exploits are one of the most interesting security vulnerabilities and are used in a majority of security attacks against Linux and Unix-like operating systems. DSM guards against such exploits, and it is implemented as a Linux module. DSM also provides many other features, such as transparently controlling the access in the distributed environment of Linux clustered servers.
Some notes that should be taken into consideration as well:
- There have been a lot of changes in the implementation of DSI from 0.1 to 0.2, then to 0.3, and now to the unstable 0.4. Therefore, please make sure to read the documentation provided with DSI to ensure that what you are trying to experiment is valid for the version of DSI that you are using.
- To get more information, please visit DSI/DigSig Project and subscribe to the DSI mailing list.
In Parts 1 and 2 of this article, we presented and demonstrated that mandatory access control implemented in DSM can prevent against buffer overflow exploits. The security mechanisms were implemented in different levels of the executing system. Because many existing applications are vulnerable to the buffer overflow exploits, one of our goals with DSM was to make the security transparent to the applications, so even the existing programs can be secured without any modifications. The DSM source code is provided as open source and is available for download from the DSI Web site.
This article was originally published on LinuxPlanet.