From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Arbitrary Sandbox
Date: Wed, 15 Feb 2012 15:07:37 -0600
Message-ID: <jhh6qr$9av$1@munin.nbi.dk>
In-Reply-To: 203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com
"Shark8" <onewingedshark@gmail.com> wrote in message
news:203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com...
>On Feb 11, 8:10 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
>>
>> Windows and Unix-based systems do not have a properly designed (native)
>> runtime environment -- stuff we did to make Janus/Ada more secure on DOS
>> extenders in the 1980s never made it to OS environments).
>
>Could you elaborate on that? (Both what's needed to make such an
>environment and what was done on Janus/Ada.)
The vast majority of programs do not have self-modifying code, and it
shouldn't be possible for them to run such code in any way. If that's the
case, most code-injection attacks cannot happen.
We used the native segmentation of the Intel hardware to completely separate
code and data in Janus/Ada programs. It was impossible to accidentally
execute data simply because the data wasn't even in the same address space.
Of course, some programs do need self-modifying code, and an OS would have
provided an API for that purpose. But it should have been rarely used.
Now, I recognize that DEP was added to Intel hardware to provide some of
this protection, but the problem is that a lot of programs can't use it
because of the basic architectural mistake (including GNAT programs until
recently, which is why I had to leave it off on my computer - boo). Plus
requiring a new feature to get this protection is annoying as it was always
available in Intel hardware (back to 80286); people just had to use it and
they didn't. (I think that was a consequence of Windows NT copying the bad
Unix memory model more than an intentional decision - and of course the
security issues hadn't popped up so much then). [Aside: Intel has
de-emphasized segments in modern hardware to the point that you probably
couldn't do this today, as you would pay a nasty performance price. Boo
again (understandable, though).]
Randy.
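The post's point is that ordinary data must never be executable and that code should become executable only through an explicit, rarely used OS API. The following is an added example, not code from Randy or from Janus/Ada: it shows the two halves of that rule on a modern Linux system, using the page-permission model (mmap/mprotect) rather than the 80286-style segment separation the post describes. It assumes Linux and reads /proc/self/maps to report the actual permissions of each mapping; `alloc_data`, `install_code`, `page_perms` and `count_wx_mappings` are names chosen here, and the four filler bytes handed to `install_code` are constructed and never executed.

```c
/* W^X demonstration: data mappings are never executable, and the only way to
 * get executable memory is an explicit call that seals the page read+execute.
 * Added example, not from the thread; Linux-specific (uses /proc/self/maps). */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Look up the permission field ("rw-p", "r-xp", ...) of the mapping that
 * contains addr. Returns 1 and fills perms (8 bytes) when found, 0 otherwise. */
int page_perms(const void *addr, char perms[8])
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return 0;
    unsigned long a = (unsigned long)(uintptr_t)addr;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, maps)) {
        unsigned long lo, hi;
        char p[8];
        /* line format: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, p) != 3) continue;
        if (a >= lo && a < hi) { memcpy(perms, p, 8); found = 1; break; }
    }
    fclose(maps);
    return found;
}

/* Count mappings that are writable AND executable in this process, i.e. the
 * condition the post argues should never arise. Returns -1 if maps unreadable. */
int count_wx_mappings(void)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return -1;
    char line[512];
    int count = 0;
    while (fgets(line, sizeof line, maps)) {
        char p[8];
        if (sscanf(line, "%*s %7s", p) != 1) continue;
        if (p[1] == 'w' && p[2] == 'x') count++;
    }
    fclose(maps);
    return count;
}

/* Ordinary data: read/write only, never executable. NULL on failure. */
void *alloc_data(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* The explicit, rarely needed API for executable memory: bytes are copied in
 * while the fresh mapping is writable, then the page is sealed read+execute,
 * so it is never writable and executable at the same time. NULL on failure. */
void *install_code(const void *bytes, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, bytes, len);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, len);
        return NULL;
    }
    return p;
}

int main(void)
{
    char perms[8] = "";
    void *d = alloc_data(4096);
    if (d && page_perms(d, perms)) printf("data page: %s\n", perms);

    /* constructed filler bytes; they are installed but never executed */
    static const unsigned char filler[4] = {0, 0, 0, 0};
    void *c = install_code(filler, sizeof filler);
    if (c && page_perms(c, perms)) printf("code page: %s\n", perms);

    printf("writable+executable mappings: %d\n", count_wx_mappings());
    return 0;
}
```

Running it on a stock Linux system prints `rw-p` for the data page and `r-xp` for the sealed code page; a non-zero count from `count_wx_mappings` is the thing to investigate, since a writable and executable region is exactly what turns a data-corruption bug into code execution.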