lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Feb 2004 10:11:36 -0800
From: Nicholas Weaver <nweaver@...berkeley.edu>
To: Hilmi Ozdoganoglu <cyprian@...due.edu>
Cc: Dave Paris <dparis@...orks.com>, bugtraq@...urityfocus.com
Subject: Re: http://www.smashguard.org


On Fri, Feb 06, 2004 at 03:29:30PM -0500, Hilmi Ozdoganoglu composed:
> 
>         Agreed, the software based approach does not take a significant
> performance hit, but the hardware approach is transparent to the user
> and does not require recompilation of the source code. Therefore, all
> programs can run securely on a machine whether or not they are "compiled
> securely" (e.g. legacy software).

Not all control flow follows stack logic.  So you can't claim
backwards compatibility on all programs.

What happens if you are compiling continuations, such as a
high-performance ML or scheme environment?  

A scheme environment may often need to keep around call-stacks after
they are exited, because call-with-current-continuation can cause them
to be reentered again.

Similarly, you mention the problem with user-land threads, yet
specifically don't solve it (just handwave it a bit).

Likewise, what happens on table-blowout?  You are using fixed-sized
tables, what happens when they fill up (and they WILL fill up.
Resources in a CPU should be 0, 1, or infinite, at least from the
user's point of view).

-- 
Nicholas C. Weaver                                 nweaver@...berkeley.edu


Powered by blists - more mailing lists