Penetration Testing mailing list archives
Re: [PEN-TEST] Crusoe chip. (fwd)
From: "Shetron, Richard" <multics () ruserved com>
Date: Wed, 8 Nov 2000 08:18:14 -0500
You might want to look at some of the Multics information at www.multicians.org regarding security. IIRC out of the box, Multics installs at a B2 security level. Multics had read, execute, write protection flags on all segments enforced by hardware and used by software. Stacks/heaps were always read/write, programs were always read/execute. There was also a ring protection as well. Instead of just user/supervisor modes there were 4 supervisor modes and 4 user modes. A lower security mode was not allowed to change or access a higher security mode segment depending on the 'ring brackets'.
From the Multics standpoint, this discussion on stack/heap protection is late 60's technology and has been in standard use for over 30 years.

Forwarded message:
As Craig said, the good folks on Bugtraq have demonstrated that preventing execution in the stack doesn't actually add important protection, it just changes the way you have to mount your attack.

Furthermore, it would break various techniques that various language implementations use, that legitimately require executing in the stack. Some compilers like to generate code that installs trampoline instructions into the stack (I believe this is mostly to help ease interfacing between wildly different calling conventions); some compile-n-go implementations might want to execute out of stack storage.

If there were a real and important security benefit to a non-exec stack, then the potential compatibility problems could be lived with, as each could be fixed if the implementor chose. But they point up a potential cost, and as the only benefit to a non-exec stack is effectively security through obscurity --- if the attacker knows you're doing it they can dodge --- it just doesn't seem worth implementing.

Of course the benefit would be greatest if you did a private, one-off implementation. But implementation costs, and costs of dealing with any resulting compatibility problems, are the highest --- because they're not shared --- for such one-offs.

-Bennett
--
Richard Shetron multics () ruserved com multics () acm rpi edu NO UCE
What is the Meaning of Life? There is no meaning,
It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
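An added illustration, not part of the original post and not Multics code: a simplified C model of the access check the message describes, combining per-segment read/execute/write flags with ring brackets. The bracket rule used here (write up to r1, read up to r2, execute within r1..r2, gate call up to r3) follows the published Multics ring design; the segment values and ring numbers are constructed, and execute requests from below r1 are simply denied as a simplification.

```c
#include <stdio.h>

/* Per-segment permission flags named in the post: read, execute, write. */
enum { SEG_R = 1, SEG_E = 2, SEG_W = 4 };
typedef enum { OP_READ, OP_WRITE, OP_EXECUTE } seg_op;
typedef enum { DENY, ALLOW, ALLOW_VIA_GATE } verdict;

/* Ring brackets r1 <= r2 <= r3; ring 0 is the most privileged of rings 0..7. */
typedef struct { unsigned flags, r1, r2, r3; } segment;

/* Constructed sample segments (values are assumptions for this example). */
static const segment user_stack   = { SEG_R | SEG_W, 4, 4, 4 };
static const segment user_program = { SEG_R | SEG_E, 4, 4, 4 };
static const segment sup_data     = { SEG_R | SEG_W, 0, 0, 0 };
static const segment sup_gate     = { SEG_R | SEG_E, 0, 0, 5 };

/* Both checks must pass: the flag permits the operation AND the
 * caller's ring falls inside the bracket for that operation. */
verdict check_access(unsigned ring, const segment *s, seg_op op)
{
    switch (op) {
    case OP_WRITE:   /* write bracket: rings 0..r1 */
        return ((s->flags & SEG_W) && ring <= s->r1) ? ALLOW : DENY;
    case OP_READ:    /* read bracket: rings 0..r2 */
        return ((s->flags & SEG_R) && ring <= s->r2) ? ALLOW : DENY;
    case OP_EXECUTE:
        if (!(s->flags & SEG_E)) return DENY;      /* data is never code */
        if (ring >= s->r1 && ring <= s->r2) return ALLOW;
        if (ring > s->r2 && ring <= s->r3)         /* inward call, gate only */
            return ALLOW_VIA_GATE;
        return DENY;
    }
    return DENY;
}

int main(void)
{
    static const char *names[] = { "deny", "allow", "allow via gate" };
    printf("ring 4 executes its stack:    %s\n",
           names[check_access(4, &user_stack, OP_EXECUTE)]);
    printf("ring 4 writes its program:    %s\n",
           names[check_access(4, &user_program, OP_WRITE)]);
    printf("ring 4 reads supervisor data: %s\n",
           names[check_access(4, &sup_data, OP_READ)]);
    printf("ring 4 calls supervisor gate: %s\n",
           names[check_access(4, &sup_gate, OP_EXECUTE)]);
    return 0;
}
```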