lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <41A2674B.9070105@edelweb.fr> Date: Mon, 22 Nov 2004 23:25:15 +0100 From: Nicolas RUFF <ruff.lists@...lweb.fr> To: bugtraq@...urityfocus.com Subject: Hardware support for XP SP2 DEP not enabled by default ? Windows XP SP2 comes out with a nice security feature : Data Execution Prevention (DEP). DEP is a mix of several techniques which all aim to achieve some kind of anti-buffer overflow protection : - Software : recompilation of system files with the /GS flag, etc. - Hardware : DEP can use hardware-enforced protection, namely the NX bit of AMD64 processors and the XD bit of latest Intel Pentium IV, to mark memory pages as "non executable". DEP can be enabled/disabled through Windows Control Panel, which has the effect of setting the "/NoExecute=" kernel parameter inside "BOOT.INI". According to the following article, PAE (Physical Address Extension) mode must be enabled for using hardware supported DEP, but automatically enabled if DEP is selected : http://support.microsoft.com/kb/875352 However, on my computer (Windows XP SP2 32-bit edition + AMD64 Athlon 3000+), hardware supported DEP does *not* work by default, even with "/NoExecute=AlwaysOn". I must add manually the "/PAE" boot parameter inside "BOOT.INI". It means that using default XP SP2 installation, you do not benefit from "Enhanced Virus Protection"* even if you bought an AMD64, unless you edit manually the "system hidden read-only" file BOOT.INI. * http://www.amd.com/us-en/Weblets/0,,7832_11104_11105,00.html Regards, - Nicolas RUFF ----------------------------------- Security Consultant EdelWeb (http://www.edelweb.fr/) Mail : nicolas.ruff (at) edelweb.fr -----------------------------------
Powered by blists - more mailing lists