Dailydave mailing list archives

Re: For those of you that don't know....


From: pageexec () freemail hu
Date: Mon, 13 Dec 2004 22:02:26 +0100

> What's so great about it ? It's hard to judge from the "whitepapers"
> what the underlying technology is -- I'd take a rough guess that they
> analyse calls-to-relations and insert checks so that they are enforced.
> Any additional information ?

google for papers on 'program shepherding' (the main guy behind it
is Vladimir Kiriansky). basically they have an in-process monitor
that controls execution flow by ensuring that control transfers don't
violate some policy (e.g. no transfer to a writable region is allowed
-> W^X).

since the monitor is in-process it can be subject to attack itself,
so they have to go through some hoops and the academic version didn't quite
scale well on multithreaded apps, but presumably some of these issues
have been solved since (if someone can get a demo, let me know ;-).

in terms of theoretical strength, program shepherding is even stronger
than current PaX because they can prevent certain (most?) forms of the
ret2libc style attack (read the papers, there's some work on pointer
analysis in there, i'm sure you'll like it ;-).

there's an interesting duality between non-exec pages (PaX) and this
program shepherding: the latter uses runtime code generation that the
former wants to prevent, yet they effectively achieve the same thing.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
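The monitor described in the post, as an added toy model (this is not program shepherding's or PaX's code, and nothing here is taken from the papers): every control transfer is handed to the monitor before it happens, and the monitor applies the policy the post names, no transfer to a writable page (W^X), plus a return-target policy so that the ret2libc case the post mentions is also visible. The region map, the addresses, the three traces, the shadow-stack return policy and the names `check_transfer` and `run_trace` are all constructed for this example; the real monitor's policies and data structures are not shown on the page and are not claimed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not program-shepherding or PaX code. A toy in-process
 * monitor that vets each control transfer against a policy before it is
 * taken. Regions, addresses and traces are constructed for illustration. */

typedef struct { uint32_t start, end; bool writable, executable; } region_t;

/* The monitor's view of page permissions (assumed layout). */
static const region_t regions[] = {
    { 0x1000, 0x2000, false, true  },  /* .text        r-x */
    { 0x2000, 0x3000, true,  false },  /* .data / heap rw- */
    { 0x3000, 0x4000, false, false },  /* .rodata      r-- */
    { 0x7000, 0x8000, true,  false },  /* stack        rw- */
};

static const region_t *find_region(uint32_t addr)
{
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (addr >= regions[i].start && addr < regions[i].end)
            return &regions[i];
    return NULL;
}

typedef enum { XFER_CALL, XFER_JMP, XFER_RET } xfer_kind_t;

typedef enum {
    VERDICT_OK,
    DENY_UNMAPPED,    /* target is not mapped at all */
    DENY_WRITABLE,    /* target page is writable: under W^X it is not code */
    DENY_NOT_EXEC,    /* target page is mapped but not executable */
    DENY_BAD_RETURN   /* ret target is not what the matching call saved */
} verdict_t;

/* A transfer as the monitor sees it. next_pc is the address following the
 * transferring instruction, i.e. the legitimate return address of a call. */
typedef struct { xfer_kind_t kind; uint32_t next_pc, target; } xfer_t;

/* Monitor state: a shadow stack of legitimate return addresses. This is one
 * way to express a "returns go back to their call site" policy; it is an
 * assumption of this example, not the policy used in the papers. Being
 * in-process, this state is itself something an attacker would aim at. */
#define SHADOW_MAX 64
typedef struct { uint32_t ret[SHADOW_MAX]; size_t depth; } monitor_t;

verdict_t check_transfer(monitor_t *m, const xfer_t *x)
{
    const region_t *r = find_region(x->target);
    if (r == NULL)      return DENY_UNMAPPED;
    if (r->writable)    return DENY_WRITABLE;   /* the W^X rule from the post */
    if (!r->executable) return DENY_NOT_EXEC;

    switch (x->kind) {
    case XFER_CALL:
        if (m->depth < SHADOW_MAX)
            m->ret[m->depth++] = x->next_pc;   /* toy: overflow is silently dropped */
        return VERDICT_OK;
    case XFER_RET:
        /* ret2libc: the target is executable, non-writable library code, so
         * the W^X check above passes and only the return policy catches it. */
        if (m->depth == 0 || m->ret[--m->depth] != x->target)
            return DENY_BAD_RETURN;
        return VERDICT_OK;
    case XFER_JMP:
        return VERDICT_OK;
    }
    return DENY_UNMAPPED;   /* not reachable with the enum above */
}

/* Run a trace through the monitor. Returns -1 if every transfer was allowed,
 * otherwise the index of the first denied transfer, with its verdict in *why. */
int run_trace(const xfer_t *trace, size_t n, verdict_t *why)
{
    monitor_t m = { .depth = 0 };
    for (size_t i = 0; i < n; i++) {
        verdict_t v = check_transfer(&m, &trace[i]);
        if (v != VERDICT_OK) { *why = v; return (int)i; }
    }
    *why = VERDICT_OK;
    return -1;
}

/* Constructed traces: a normal call/return, a return into stack shellcode,
 * and a return redirected into existing code (the ret2libc shape). */
static const xfer_t benign[]          = { { XFER_CALL, 0x1010, 0x1400 }, { XFER_RET, 0, 0x1010 } };
static const xfer_t stack_shellcode[] = { { XFER_CALL, 0x1010, 0x1400 }, { XFER_RET, 0, 0x7800 } };
static const xfer_t ret2libc[]        = { { XFER_CALL, 0x1010, 0x1400 }, { XFER_RET, 0, 0x1800 } };

int main(void)
{
    verdict_t why;
    printf("benign:          first denied = %d (verdict %d)\n", run_trace(benign, 2, &why), why);
    printf("stack shellcode: first denied = %d (verdict %d)\n", run_trace(stack_shellcode, 2, &why), why);
    printf("ret2libc:        first denied = %d (verdict %d)\n", run_trace(ret2libc, 2, &why), why);
    return 0;
}
```

The point the post makes about the duality is visible in the check: the monitor never needs to know what the bytes at the target are, only whether the page they sit on could have been written, which is the same question non-exec pages answer in hardware.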
