[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200402100004.i1A04Kbe008387@cvs.openbsd.org>
Date: Mon, 09 Feb 2004 17:04:20 -0700
From: Theo de Raadt <deraadt@....openbsd.org>
To: Crispin Cowan <crispin@...unix.com>
Cc: Hilmi Ozdoganoglu <cyprian@...due.edu>,
Dave Paris <dparis@...orks.com>, bugtraq@...urityfocus.com
Subject: Re: http://www.smashguard.org
> As Theo said, the AMD buffer overflow "protection" is nothing more than
> sensible separation of R and X bits per page, fixing a glaring and
> anomalous defect in the original 386 MMU. Many CPUs before and since had
> this feature, and it was just Intel slop in the early 1980s that
> developed an MMU (and associated instruction set) that mistakenly
> treated R and X per page as one bit.
It's going to get worse before it gets better.
At the same time that AMD is per-page X bit support to the x86
architecture, Intel is removing such capability from ARM cpus. And of
course mips cpus cannot do it. And it will be ages before x86
compatible cpus like the NSC Geode and such will have it.
So pretty much any low-power embedded device you can buy in the future
will not have such basic and simple protection.
Per-page execute permission functionality in a modern split-TLB CPU is
about 80 gates. On a non-split TLB it adds perhaps 80 gates + 20-per
line.
Powered by blists - more mailing lists