| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200405010045.i410jg9M010605@cvs.openbsd.org> Date: Fri, 30 Apr 2004 18:45:42 -0600 From: Theo de Raadt <deraadt@....openbsd.org> To: Pavel Machek <pavel@....cz> Cc: Crispin Cowan <crispin@...unix.com>, Hilmi Ozdoganoglu <cyprian@...due.edu>, Dave Paris <dparis@...orks.com>, bugtraq@...urityfocus.com Subject: Re: http://www.smashguard.org > > >The idea is not to create "custom CPUs" but to have our modification > > >picked up by major vendors. Clearly there is interest in applying > > >hardware to solve security issues based on the latest press releases > > >from AMD that AMD chips include buffer-overflow protection (see > > >Computer World, January 15, 2004). > > > > > As Theo said, the AMD buffer overflow "protection" is nothing more than > > sensible separation of R and X bits per page, fixing a glaring and > > Actually it is not "sensible", and it is not separation. > > You can have r--, r-x, but you can't have --x. Oh for the record. A few chips make it possible to have --x permissions. alpha (I am not positive) sparc64 (I am not positive) ia64 hppa amd29k m88k The first two have software tlb refillers with a split tlb architecture, but I am not sure if there is tlb "leak" The next three have specific page table bits for kernel (r w x) and user (r w x). The last has a harvard-style split mmu (entirely different mmu for code and data), and it should be possible to play games to do it...
Powered by blists - more mailing lists