Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
The Holy Grail of most any hacker trying to get access to a system is the remote buffer overflow attack. Well, actually, it's finding a Windows PC not protected by a firewall, but the remote buffer overflow attack is a (somewhat) close second. This article will discus one way to help protect against this type of attack on a Slackware Linux system with the installation of a special system called exec-shield.
This installation will occur in two phases. The first phase is installing the exec-shield kernel patch, the second is replacing some of Slackware's packages with ones that are compiled to work together with exec-shield.
What is a Buffer Overflow Attack?
Before we explain how to protect against a buffer overflow attack, it is useful to examine what exactly this attack is and what the ramifications are for an unprotected system.
The best way to secure against a buffer overflow attack is to run software that isn't vulnerable to such attacks.
In order for a malicious attacker to get your system to do what the attacker wants it to do by using a buffer overflow to rewrite a return address, the attacker has to know the exact address in memory on your system of a useful function.