Bugtraq mailing list archives

Re: http://www.smashguard.org

From: Crispin Cowan <crispin () immunix com>
Date: Thu, 29 Apr 2004 16:24:08 -0700

Pavel Machek wrote:

The idea is not to create "custom CPUs" but to have our modification
picked up by major vendors.  Clearly there is interest in applying
hardware to solve security issues based on the latest press releases
from AMD that AMD chips include buffer-overflow protection (see
Computer World, January 15, 2004).
As Theo said, the AMD buffer overflow "protection" is nothing more thansensible separation of R and X bits per page, fixing a glaring and


Actually it is not "sensible", and it is not separation.

You can have r--, r-x, but you can't have --x.

But that is *exactly* what is meant by "separation" of R and X.

I have no idea what you mean by it not being "sensible". Most every CPUI have ever seen does this except the x86. Someone apparently thoughtthere was no value in separate R and X bits for the i386 back in themid-80s. It was a false economy :)


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/

Current thread:

Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
  - Re: http://www.smashguard.org Pavel Machek (Apr 30)
    - Re: http://www.smashguard.org Nicholas Weaver (May 01)
  - Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Coleman Kane (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)