Bugtraq mailing list archives
Re: http://www.smashguard.org
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Mon, 09 Feb 2004 17:04:20 -0700
As Theo said, the AMD buffer overflow "protection" is nothing more than sensible separation of R and X bits per page, fixing a glaring and anomalous defect in the original 386 MMU. Many CPUs before and since had this feature, and it was just Intel slop in the early 1980s that developed an MMU (and associated instruction set) that mistakenly treated R and X per page as one bit.
It's going to get worse before it gets better. At the same time that AMD is per-page X bit support to the x86 architecture, Intel is removing such capability from ARM cpus. And of course mips cpus cannot do it. And it will be ages before x86 compatible cpus like the NSC Geode and such will have it. So pretty much any low-power embedded device you can buy in the future will not have such basic and simple protection. Per-page execute permission functionality in a modern split-TLB CPU is about 80 gates. On a non-split TLB it adds perhaps 80 gates + 20-per line.
Current thread:
- http://www.smashguard.org Hilmi Ozdoganoglu (Feb 02)
- RE: http://www.smashguard.org Dave Paris (Feb 03)
- Re: http://www.smashguard.org Nicholas Weaver (Feb 03)
- RE: http://www.smashguard.org Hilmi Ozdoganoglu (Feb 07)
- Re: http://www.smashguard.org Theo de Raadt (Feb 07)
- Re[2]: http://www.smashguard.org Andrey Kolishak (Feb 09)
- Re: http://www.smashguard.org Crispin Cowan (Feb 09)
- Re: http://www.smashguard.org Theo de Raadt (Feb 10)
- Re: http://www.smashguard.org Nicholas Weaver (Feb 09)
- RE: http://www.smashguard.org Dave Paris (Feb 03)
- Re: http://www.smashguard.org Seth Arnold (Feb 05)