[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <018d01c39e90$94514860$7b00a8c0@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: System monitor scheme
Hardware that separates code from data has been around since the 60's. The
x86 (486 and above) line can do it with segment registers, but most
compilers find it too difficult and the overhead of switching state too much
for many tasks.
The SPARC has systems monitors built into hardware and so does the Pentium
4. All one does is load registers that mark an areas of memory as being read
only. Any attempts to modify it triggers an interrupt.
----- Original Message -----
From: "Caraciola" <caraciola@....net>
To: <Glenn_Everhart@...kone.com>
Cc: "mailinglist full-disclosure" <full-disclosure@...ts.netsys.com>
Sent: Wednesday, October 29, 2003 3:36 PM
Subject: Re: [Full-Disclosure] System monitor scheme
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> That will open a big can of worms.... to start the exeloader has to supply
an
> image of TEXT and CODE segments (x86), feed that to a function which
> fingerprints this ( PoC with gnupg ?), a daemon has to check every
> process/thread each ? second or so, housekeeping of the results... i think
it
> will be costly in performance terms. And where do you start, it would have
to
> be done on the OS itself, should spread of course to the disk-images of
exes
> and so on. In the end you will need hardware to secure the machine itself
(
> heard of TCPA ?). Easiest way to achieve this would be a machine with
> seperate memory for data and program, so the hardware grants there is no
> write to the code area after initial load.....
>
> have fun thinking about the ins and outs of this ...
>
> Caraciola
>
>
>
>
>
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE/oCTUANzMondHN+cRAr9+AJ4jw2OA/OUpNbIOy/whf4VVqnW73wCgsK/J
> 1117UGVkdEpu27nVYV4Pfsc=
> =2A1L
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists