From: "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca>
Subject: Re: Partial Hardware Protection for Buffer Overrun Exploits
Date: Mon, 21 Apr 2003 12:42:54 -0400
Date: 2003-04-21T12:42:54-04:00 [thread overview]
Message-ID: <3EA41F8E.8030305@cogeco.ca> (raw)
In-Reply-To: v9udo9a35fk62a@corp.supernews.com
Randy Brukardt wrote:
> Warren W. Gay VE3WWG wrote in message <3E9ED2E7.80807@cogeco.ca>...
>
>>I can't say that I am familiar with this hardware, but I sense that
>>you might misunderstand my suggested approach. I am _not_ suggesting
>>in _this_ proposal that executed code must be in a read-only
>>segment (text region), but that the new RETURN instruction only
>>accept valid addresses in the read-only segments (ie. text region).
>
> That's equivalent to saying that the stack not be marked as executable
> code. And it shouldn't anyway, I think it is idiotic that any modern OS
> uses a model with no separation of code and data.
For most of _my_ code, that is probably true. However, JVM types
of processes may disagree. They need to be able to assemble
code on the fly and then give them control.
However, I think you could regulate this with some "per thread/process
flag".
> Janus/Ada for the Pharlap DOS Extender always did this. The Intel
> processor only allows Read-Execute and Read-Write access to segments
> (but not both). The DOS Extender (and Windows and Linux do this too) get
> around this 'limitation' by providing mirrored segment values that point
> at the same memory. What our DOS Extender compiler did was to allocate
> the real data area using an OS call, then replaced all of the writable
> segment descriptors with the one from the allocation -- including the
> stack. (That was a bit tricky!). Then, it was impossible to write the
> code segment or execute the data segment without a trap. That caught
> plenty of bugs in the implementation of the compiler.
I would have thought that Linux/FreeBSD/Windows would have been taking
advantage of this already. Is it true that "text" is not read
only there? What a waste if they make that RW(!)
> This is such an obvious idea that it's getting implemented in BSD. I saw
> this article yesterday:
>
> http://news.com.com/2100-1002-996584.html
I don't think much of the "random placement" idea, though I
supposed they are being forced to deal with a problem that should
be fixed in hardware (IMHO).
> My only question is why they didn't do this years ago. The Intel
> hardware has always supported it...
>
> Randy.
Yes, indeed. In fact, it might be useful to go one step further,
and add an execute bit (I am under the impression Intel doesn't
make this distinction). Then you could distinguish between
RO constants and X code.
--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
next prev parent reply other threads:[~2003-04-21 16:42 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-16 16:54 Partial Hardware Protection for Buffer Overrun Exploits Warren W. Gay VE3WWG
2003-04-16 17:28 ` Vinzent Hoefler
2003-04-17 16:33 ` Warren W. Gay VE3WWG
2003-04-17 21:29 ` Robert A Duff
2003-04-16 19:13 ` Brian Catlin
2003-04-17 15:00 ` Bob French
2003-04-17 16:14 ` Warren W. Gay VE3WWG
2003-04-17 23:22 ` Randy Brukardt
2003-04-21 16:42 ` Warren W. Gay VE3WWG [this message]
2003-04-21 17:26 ` tmoran
2003-04-22 1:40 ` Frank J. Lhota
2003-04-22 21:15 ` Robert A Duff
2003-04-22 21:19 ` Ed Falis
2003-04-24 2:00 ` Randy Brukardt
2003-04-24 13:49 ` Ed Falis
2003-04-24 18:42 ` Randy Brukardt
2003-04-24 18:49 ` Ed Falis
2003-04-17 21:22 ` Robert A Duff
2003-04-21 16:33 ` Warren W. Gay VE3WWG
2003-04-21 19:28 ` Robert A Duff
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox