From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Wed, 15 Feb 2012 15:07:37 -0600
Organization: Jacob Sparre Andersen Research & Innovation

"Shark8" wrote in message
news:203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com...

On Feb 11, 8:10 pm, "Randy Brukardt" wrote:
>>
>> Windows and Unix-based systems do not have a properly designed (native)
>> runtime environment -- stuff we did to make Janus/Ada more secure on DOS
>> extenders in the 1980s never made it to OS environments).
>
> Could you elaborate on that? (Both what's needed to make such an
> environment and what was done on Janus/Ada.)

The vast majority of programs do not have self-modifying code, and it shouldn't be possible for them to run such code in any way. If that's the case, most code-injection attacks cannot happen.

We used the native segmentation of the Intel hardware to completely separate code and data in Janus/Ada programs. It was impossible to accidentally execute data simply because the data wasn't even in the same address space. Of course, some programs do need self-modifying code, and an OS would have provided an API for that purpose. But it should have been rarely used.

Now, I recognize that DEP was added to Intel hardware to provide some of this protection, but the problem is that a lot of programs can't use it because of the basic architectural mistake (including GNAT programs until recently, which is why I had to leave it off on my computer - boo). Plus requiring a new feature to get this protection is annoying as it was always available in Intel hardware (back to 80286); people just had to use it and they didn't. (I think that was a consequence of Windows NT copying the bad Unix memory model more than an intentional decision - and of course the security issues hadn't popped up so much then).

[Aside: Intel has de-emphasized segments in modern hardware to the point that you probably couldn't do this today, as you would pay a nasty performance price. Boo again (understandable, though).]

Randy.
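The post above contrasts Janus/Ada's segment-based separation of code and data with the per-page DEP/NX protection that modern OSes offer, and mentions that an OS should expose an explicit API for the rare program that really needs to generate code. The following C program is an added illustration written for this page, not code from Randy Brukardt, Janus/Ada or GNAT. It assumes a POSIX system with an NX-capable CPU (Linux on x86-64, i386 or aarch64): it copies a six- or eight-byte "return 42" routine into an anonymous page, first tries to execute it while the page is read/write only (the "data" case, which DEP makes fault), then flips the page to read/execute with mprotect (the "write, then execute, never both" discipline, i.e. the sanctioned API for self-modifying code) and runs it. The SIGSEGV handler and siglongjmp are there only so the fault is reported as a return value instead of killing the process.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Machine code for a function `int f(void)` that returns 42.
 * Constructed inline for this example; nothing is read from disk. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, /* mov eax, 42 */
                                      0xc3 };                       /* ret         */
#elif defined(__aarch64__)
static const unsigned char code[] = { 0x40, 0x05, 0x80, 0x52,       /* mov w0, #42 */
                                      0xc0, 0x03, 0x5f, 0xd6 };     /* ret         */
#else
#error "example only carries x86 and aarch64 encodings"
#endif

static sigjmp_buf fault_jmp;

/* Executing from a non-executable page raises SIGSEGV; jump back out. */
static void on_sigsegv(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Copy `code` into a fresh page, set the page to `final_prot`, call it.
 * Returns 42 if the CPU fetched and ran the bytes, -1 if it faulted
 * (DEP/NX refused the fetch), -2 on an mmap/mprotect failure. */
static int run_code_with_prot(int final_prot) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);

    /* Step 1: the page is writable (and only writable) while we fill it. */
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;
    memcpy(page, code, sizeof code);
    __builtin___clear_cache((char *)page, (char *)page + sizeof code);

    /* Step 2: switch to the requested protection. With PROT_READ|PROT_EXEC
     * this is the W^X "flip": the page is never writable and executable
     * at the same time. */
    if (mprotect(page, pagesz, final_prot) != 0) {
        munmap(page, pagesz);
        return -2;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int result;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* avoid the object->function cast warning */
        result = fn();                   /* either returns 42 or faults */
    } else {
        result = -1;                     /* arrived here from on_sigsegv */
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(page, pagesz);
    return result;
}

/* The "data" case: bytes sitting in a read/write page. DEP makes this -1. */
int exec_from_data_page(void) { return run_code_with_prot(PROT_READ | PROT_WRITE); }

/* The sanctioned case: the page was flipped to read/execute first. Returns 42. */
int exec_from_code_page(void) { return run_code_with_prot(PROT_READ | PROT_EXEC); }

int main(void) {
    printf("execute from RW (data) page: %d\n", exec_from_data_page());
    printf("execute from RX (code) page: %d\n", exec_from_code_page());
    return 0;
}
```

On a machine with DEP/NX in effect the first call reports -1 and the second 42; a result of 42 from the first call means the process is running with executable data pages, which is the situation the post describes for binaries that cannot tolerate DEP. On Linux, one practitioner check for the common cause of that is the GNU_STACK program header (readelf -l on the binary): if it is marked RWE, the loader maps the stack executable for that program, and any object that was built without a .note.GNU-stack section can force it.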