Message-ID: <200507291952.j6TJqHIJ029138@turing-police.cc.vt.edu>
Date: Fri Jul 29 20:52:26 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Cisco IOS Shellcode Presentation

On Fri, 29 Jul 2005 08:29:35 -1000, Jason Coombs said:

> Precisely. And Lynn pointed out that Cisco routers use general purpose
> CPUs -- therefore Cisco's own engineers chose purposefully to build a
> vulnerable device.

All von Neumann architecture processors are equally vulnerable in theory.

About all you can do is fix the boot loader and early kernel code to emulate a Harvard architecture (basically, 2 separate memory spaces, one for instructions and one for code, and never the twain shall meet). At that point, things are a little better.

However, both von Neumann and Harvard systems are Turing-complete, and therefore have innate theoretical limits (see the Turing Halting Problem for details), and Fred Cohen showed over 20 years ago that the detection of malware is a Turing-equivalent problem.

Your only perfect defense here is implementing all of it in a custom ASIC, which in itself is insane - if a logic or timing bug is found, you're looking at having to do a hardware replacement rather than just downloading a new software load. You can cut some of the pain with an FPGA, but that's still a whole different league than a software solution.

You think debugging a BGP wedgie(*) is tough now, remember that even IOS is able to do a small amount of introspection and tell you what's going on. That's almost impossible with an ASIC or FPGA based solution...

(*) Yes, it's really called that. Google for 'BGP Wedgie' if you don't believe me. :)