Language Selection

English French German Italian Portuguese Spanish

Preventing Buffer Overflow Exploits

Filed under
Security

Internet servers, including Web, e-mail, and FTP servers have long been a target of different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit.

Buffer Overflow Exploit in Action

A successful buffer overflow exploit has four steps:
1. Find a process that is vulnerable to the buffer overflow exploits
2. In order to inject the most damage, the process should run with root privileges.
3. Decide what to execute as a result of buffer overflow exploit
4. Find a way from the vulnerable process to start the chosen process

The troubling thing about buffer overflow exploits is that good programming practices could wipe out even potential exploits; however, that simply has not happened. The defense against such exploits should revolve around controlling access to sensitive systems, installing software updates that replace exploitable software, and being aware of what a buffer overflow exploit looks like when your system is the intended victim.

Part 1.

Part 2.

More in Tux Machines

Customers reporting interest in cloud, containers, Linux, OpenStack for 2015

As 2014 comes to a close and IT departments reflect on their initiatives heading into the new year, we asked a group of 115 Red Hat customers -- ranging from Fortune 500 companies to small businesses -- about their priorities for 2015. What we heard from the respondents is promising going into the new year: Budgets are increasing (or at least staying the same); Linux adoption is increasing; cloud deployments will be dominantly private or hybrid; OpenStack is hot; and interest in containers is emerging. Read more

Multi-Stream Transport 4K Monitors To Become Better Supported On Linux

For a number of months David Airlie at Red Hat has been working on DisplayPort Multi-Stream Transport (DP MST) handling for Linux. Keith Packard over at Intel is now playing with DP MST too for bettering modern 4K display support on Linux within X.Org Server based environments. Read more

Enhancing Your Work Habits with KDE

As I write, at least six desktop environments are popular among free software users. However, even with long familiarity, none of the others come close to the versatility of KDE. KDE starts with the classic desktop and adds many of the features that other desktops include, such as panel widgets and special effects. Some of its features, such as hot spots on the screen edges, were unique a few years ago but have since been added to other environments (e.g., Cinnamon). Moreover, even now, few other desktops offer the same degree of customization as KDE, whose settings include options for bringing a window into focus and actions to take when an external device is plugged in. However, where KDE truly excels is in enhancements that extend the traditional desktop and give users new ways to work. Tabbed windows, Desktop Layouts, Activities – all of these are relatively simple improvements on the desktop, but the effect of even the simplest on your work habits can be enough to make you impatient with the limitations of other desktops. Read more

It’s Christmas in FOSS-land!

See, Mageia is a community-driven Linux distribution. Everybody here volunteers and does the work because he or she can and because they want to contribute. The money that we collect in donations goes to paying for server costs, hardware repairs and upgrades, supporting booths and handing out merchandise at conventions (and in one case, flying in a repair person when everything broke). Read more