The Linux Virtual Memory System: Security And Buffer Overflows

Learn how Linux protects​ itself using different defense mechanisms against​ buffer overflow attacks.

Probably the biggest difference between modern VM systems (Linux, Solaris, or one of the BSD variants) and ancient ones (VAX/VMS) is the emphasis on security in the modern era. Protection has always been a serious concern for operating systems, but with machines more interconnected than ever, it is no surprise that developers have implemented a variety of defensive countermeasures to halt those wily hackers from gaining control of systems.

Buffer overflow attacks

One major threat is found in buffer overflow attacksSee for some details and links about this topic, including a reference to the famous article by the security hacker Elias Levy, also known as “Aleph One”., which can be used against normal user programs and even the kernel itself. The idea of these attacks is to find a bug in the target system which lets the attacker inject arbitrary data into the target’s address space. Such vulnerabilities sometimes arise because the developer assumes (erroneously) that an input will not be overly long, and thus (trustingly) copies the input into a buffer; because the input is in fact too long, it overflows the buffer, thus overwriting memory of the target. Code as innocent as the below can be the source of the problem:

Get hands-on with 1200+ tech skills courses.