[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: http://www.smashguard.org

To: Pavel Machek <pavel@xxxxxx>
Subject: Re: http://www.smashguard.org
From: Crispin Cowan <crispin@xxxxxxxxxxx>
Date: Thu, 29 Apr 2004 16:24:08 -0700

Pavel Machek wrote:

The idea is not to create "custom CPUs" but to have our modification picked up by major vendors. Clearly there is interest in applying hardware to solve security issues based on the latest press releases

from AMD that AMD chips include buffer-overflow protection (see

Computer World, January 15, 2004).

As Theo said, the AMD buffer overflow "protection" is nothing more than sensible separation of R and X bits per page, fixing a glaring and

Actually it is not "sensible", and it is not separation.

You can have r--, r-x, but you can't have --x.

But that is *exactly* what is meant by "separation" of R and X.

I have no idea what you mean by it not being "sensible". Most every CPU I have ever seen does this except the x86. Someone apparently thought there was no value in separate R and X bits for the i386 back in the mid-80s. It was a false economy :)

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/

Follow-Ups:
- Re: http://www.smashguard.org
  - From: Pavel Machek
- Re: http://www.smashguard.org
  - From: Theo de Raadt

References:
- Re: http://www.smashguard.org
  - From: Pavel Machek

Prev by Date: [RHSA-2004:181-01] Updated libpng packages fix crash
Next by Date: Re: Multi stage attacks on networks?
Previous by thread: Re: http://www.smashguard.org
Next by thread: Re: http://www.smashguard.org
Index(es):
- Date
- Thread