Penetration Testing mailing list archives
Re: [PEN-TEST] Crusoe chip.
From: c0ncept <c0ncept () HUSHMAIL COM>
Date: Tue, 21 Nov 2000 09:17:17 -0800
-----BEGIN PGP SIGNED MESSAGE----- There was recently a thread about his on one of Security Focuses other mailing lists. The general consensus seemed to be that a no-exec stack wouldn't prevent buffer overflow exploits, just implementing them more difficult. As long as it's possible to overwrite the next instruction pointer, it's still exploitable via a call into the c library (think system(), execl()). Also, some programs require an exacutable stack -- i believe this is discussed in the Immunix documentation. - --c0ncept [ For the full thread, consult the archives -- it's definately worth reading ]. - -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Ben Ford Sent: Monday, November 06, 2000 3:31 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Crusoe chip. I just had an interesting conversation that sparked an idea. One of the major problems we have regarding security is the fact that the stack on the x86 architecture is executable. Because of that, when we have a buffer overflow, arbitrary code can be executed. My question is this: Because the x86 architecture is only software emulated on the Crusoe chip, could that chip (or the software layer emulating the x86) detect when a buffer overflow was happening and head off any code execution, thereby eliminating the root exploit? Seems to me that would be a big plus . . . . . . - -b -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQEVAwUBOhqsUNfiGO9Bpo5jAQEcPAf8DrTpkHNK2aTsNFQXooUO0ZJnrjv1TeT6 3HA41D4HiO/2HIIeiAzzR/I3PSlsJdpR4z0z1Eq9VQF+CF4h1QMrp0Sj7/fASGUu 7w2zI7a3otbS6nx2dTktjSiYS4nULon7Qto69M85hRyOybH7+rpGK4gzbUAFWoZi 2D220CLOwcCFt/KPUSoBpEOwO4Gul1r6Mct62LzGIYdjrDODI7X8HdRQx3HvTOMa AKK6VPpj/wgKG5JQMtDbldUFMRq67az1S4p6JEhkhNyaaA8sKDirzKqaAWCPo5u5 c6l21o20V22a7vl8qrxXUhi0C1gEibkBJxk9oCnhc0ObB3V7mjY4Gg== =X9TI -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] Crusoe chip. Ben Ford (Nov 07)
- Re: [PEN-TEST] Crusoe chip. Craig Anderson (Nov 07)
- Re: [PEN-TEST] Crusoe chip. Bennett Todd (Nov 08)
- Re: [PEN-TEST] Crusoe chip. Robert van der Meulen (Nov 08)
- Re: [PEN-TEST] Crusoe chip. Craig Anderson (Nov 08)
- Re: [PEN-TEST] Crusoe chip. Robert van der Meulen (Nov 09)
- Re: [PEN-TEST] Crusoe chip. Craig Anderson (Nov 08)
- Re: [PEN-TEST] Crusoe chip. c0ncept (Nov 22)
- Re: [PEN-TEST] Crusoe chip. Craig Anderson (Nov 07)