“This patch is a collection of security-related features for
the Linux kernel, all configurable via the new ‘Security options’
configuration section. In addition to the new features, some
versions of the patch contain various security fixes. The
number of such fixes changes from version to version, as some are
becoming obsolete (such as because of the same problem getting
fixed with a new kernel release), while other security issues are
discovered.”
“Most buffer overflow exploits are based on overwriting a
function’s return address on the stack to point to some arbitrary
code, which is also put onto the stack. If the stack area is
non-executable, buffer overflow vulnerabilities become harder to
exploit.”
“Another way to exploit a buffer overflow is to point the return
address to a function in libc, usually system(). This patch also
changes the default address that shared libraries are mmap()’ed at
to make it always contain a zero byte. This makes it impossible to
specify any more data (parameters to the function, or more copies
of the return address when filling with a pattern), — in many
exploits that have to do with ASCIIZ strings.”
“However, note that this patch is by no means a complete
solution, it just adds an extra layer of security. Many buffer
overflow vulnerabilities will remain exploitable a more complicated
way, and some will even remain unaffected by the patch. The reason
for using such a patch is to protect against some of the buffer
overflow vulnerabilities that are yet unknown.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.