lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1672851502.20040207215815@sandy.ru>
Date: Sat, 7 Feb 2004 21:58:15 +0100
From: Andrey Kolishak <andr@...dy.ru>
To: bugtraq@...urityfocus.com
Subject: Re[2]: http://www.smashguard.org



TdR> By the way, I am pleased to say that my research has shown that the
TdR> AMD PAE NX bit will work in 32 bit mode.  We are trying to make
TdR> modifications that will permit OpenBSD to use it.

you are pleased? your research ?!

you should be aware of fact that feature implemented by Microsoft for
XP which is in beta yet but announced for several months already.

"The 32-bit version of Windows currently leverages the NX processor
feature, as defined by the AMD64 Architecture  Programmer's Manual.
This processor feature requires the  processor run in Physical Address Extension (PAE) mode."

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp

Best regards,
 Andrey


TdR> Whoa, hold on.  What these vendors are doing to their cpus is not on
TdR> the same scale as what you are suggesting.

TdR> In this regard, all AMD has added (to the amd64) is a per-page
TdR> non-executable bit.  In PAE mode, bit 63 of the PTE becomes a NX bit.

TdR> This is not really all that new.  sparc v8, sparc v9, alpha, and hppa
TdR> have had this for a very long time.  The motorola 88k is also capable
TdR> of this, due to the split mmu handling.  In general cpus like mips,
TdR> vax, m68k, and powerpc cpus are not capable of it.  Some cpus with
TdR> split code & data tlb's are -- if they have software tlb load
TdR> mechanisms -- and some arm cpus fall into this catagory.  But
TdR> performance can suffer significantly if the mechanims are poorly
TdR> designed.

TdR> Some operating systems make use of this.  Such as OpenBSD, for ..
TdR> what.. 2 years now..

TdR> Now why is this not the same as yours?  Even though we have an entire
TdR> operating system modified to operate with as many non-executable page
TdR> as possible, we still consider this a weaker protection mechanism than
TdR> gcc propolice.  However these two very cheap mechanisms can work
TdR> together to improve resistance; fewer bugs can be exploited to control
TdR> flow.





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ