Re: [PEN-TEST] Crusoe chip.

[c0ncept <c0ncept () HUSHMAIL COM>]

-----BEGIN PGP SIGNED MESSAGE-----


There was recently a thread about his on one of Security Focuses
other mailing lists. The general consensus seemed to be that a
no-exec stack wouldn't prevent buffer overflow exploits, just
implementing them more difficult. As long as it's possible to
overwrite the next instruction pointer, it's still exploitable via a
call into the c library (think system(), execl()).

Also, some programs require an exacutable stack -- i believe this is
discussed in the Immunix documentation.

- --c0ncept

[ For the full thread, consult the archives -- it's definately worth
reading ].

- -----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On
Behalf
Of Ben Ford
Sent: Monday, November 06, 2000 3:31 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Crusoe chip.


I just had an interesting conversation that sparked an idea.  One of
the
major problems we have regarding security is the fact that the stack
on
the x86 architecture is executable.  Because of that, when we have a
buffer overflow, arbitrary code can be executed.

My question is this:  Because the x86 architecture is only software
emulated on the Crusoe chip, could that chip (or the software layer
emulating the x86) detect when a buffer overflow was happening and
head
off any code execution, thereby eliminating the root exploit?

Seems to me that would be a big plus . . . . . .

- -b

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQEVAwUBOhqsUNfiGO9Bpo5jAQEcPAf8DrTpkHNK2aTsNFQXooUO0ZJnrjv1TeT6
3HA41D4HiO/2HIIeiAzzR/I3PSlsJdpR4z0z1Eq9VQF+CF4h1QMrp0Sj7/fASGUu
7w2zI7a3otbS6nx2dTktjSiYS4nULon7Qto69M85hRyOybH7+rpGK4gzbUAFWoZi
2D220CLOwcCFt/KPUSoBpEOwO4Gul1r6Mct62LzGIYdjrDODI7X8HdRQx3HvTOMa
AKK6VPpj/wgKG5JQMtDbldUFMRq67az1S4p6JEhkhNyaaA8sKDirzKqaAWCPo5u5
c6l21o20V22a7vl8qrxXUhi0C1gEibkBJxk9oCnhc0ObB3V7mjY4Gg==
=X9TI
-----END PGP SIGNATURE-----