• DocumentCode
    3668874
  • Title

    Toward preventing stack overflow using kernel properties

  • Author

    Benjamin Teissier;Stefan D. Bruda

  • Author_Institution
    Department of Computer Science, Bishop's University, 2600 College St, Sherbrooke, Quebec J1M 1Z7, Canada
  • fYear
    2014
  • Firstpage
    369
  • Lastpage
    376
  • Abstract
    We contribute to the investigation of buffer overflows by finding a more accurate way of preventing their exploitation. We work at the highest privilege levels and in the safest part of a GNU/Linux system, namely the kernel. We provide a system that allows the kernel to detect overflows and prevent their exploitation. The kernel injects at launch time some (minimal) code into the binary being run, and subsequently uses this code to monitor the execution of that program with respect to its stack use, thus detecting stack overflows. The system stands alone in the sense that it does not need any hardware support; it also works on any program, no matter how that program was conceived or compiled. Besides the theoretical concepts, we also present a proof-of-concept patch to the kernel supporting our idea. Overall, we effectively show that guarding against buffer overflows at run time is not only possible but also feasible. In addition, we take the first steps toward implementing such a defense.
  • Keywords
    "Kernel","Linux","Probes","Computers","Hardware","Arrays"
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering and Applications (ICSOFT-EA), 2014 9th International Conference on
  • Type

    conf

  • Filename
    7293885