lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Apr 2004 16:24:08 -0700
From: Crispin Cowan <crispin@...unix.com>
To: Pavel Machek <pavel@....cz>
Cc: Hilmi Ozdoganoglu <cyprian@...due.edu>,
	Dave Paris <dparis@...orks.com>, bugtraq@...urityfocus.com
Subject: Re: http://www.smashguard.org


Pavel Machek wrote:

>>>The idea is not to create "custom CPUs" but to have our modification
>>>picked up by major vendors.  Clearly there is interest in applying
>>>hardware to solve security issues based on the latest press releases
>>>      
>>>
>>>from AMD that AMD chips include buffer-overflow protection (see
>>    
>>
>>>Computer World, January 15, 2004).
>>>
>>>      
>>>
>>As Theo said, the AMD buffer overflow "protection" is nothing more than 
>>sensible separation of R and X bits per page, fixing a glaring and 
>>    
>>
>
>Actually it is not "sensible", and it is not separation.
>
>You can have r--, r-x, but you can't have --x.
>  
>
But that is *exactly* what is meant by "separation" of R and X.

I have no idea what you mean by it not being "sensible". Most every CPU 
I have ever seen does this except the x86. Someone apparently thought 
there was no value in separate R and X bits for the i386 back in the 
mid-80s. It was a false economy :)

Crispin

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/



Powered by blists - more mailing lists