Vulnerability Development mailing list archives
Re: vulndev-1 and a suggestion about the ensuing discussion
From: Valdis.Kletnieks () vt edu
Date: Fri, 16 May 2003 19:22:49 -0400
On Fri, 16 May 2003 16:46:57 -0000, xenophi1e <oliver.lavery () sympatico ca> said:
> That's interesting. I'm passingly familiar with the VMs used by AS/400, but I wasn't aware that out of bound accesses would immediately trap. I wonder how they do this...
> I was under the impression that VMs used in this way were really just a sort of defense in depth. They don't prevent an individual process from being compromised but prevent that compromise from expanding beyond the boundaries of the VM. Do they really trap overruns from one valid chunk of memory into an adjacent one?
It's a tagged architecture, with descriptors. When you reference memory, you aren't referencing a memory address - you're using a reference to a descriptor that contains length/type/etc info (so it knows if it's stack, heap, executable, and so on). It's hardly a new idea - the original Multics penetration analysis paper (see http://csrc.nist.gov/publications/history/karg74.pdf) discusses on page 11 the hardware on the Honeywell 645, which was a mid-1960's machine. Unfortunately, we haven't learned much in the meantime: http://www.acsac.org/2002/papers/classic-multics.pdf (Incidentally, I consider *BOTH* of these papers required reading for anybody who's subscribed to 'vuln-dev').
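The descriptor idea in the message above, as an added example that is not part of the original post: a simplified software model in which every access names a descriptor and an offset, so an overrun from one valid chunk into the adjacent one faults instead of landing. The descriptor fields, fault codes and function names are assumptions for illustration and do not reproduce the AS/400 or Honeywell 645 formats.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified software model of descriptor-checked access. Field names and
   layout are assumptions, not the AS/400 or Honeywell 645 formats. */
enum seg_type { SEG_DATA, SEG_CODE };
enum access   { ACC_READ, ACC_WRITE, ACC_EXEC };
enum fault    { FAULT_NONE, FAULT_BAD_DESC, FAULT_BOUNDS, FAULT_TYPE };
struct descriptor { size_t base, length; enum seg_type type; int valid; };

#define NDESC 4
static uint8_t backing[64];            /* constructed "physical" memory */
static const struct descriptor table[NDESC] = {
    {  0, 16, SEG_DATA, 1 },           /* 0: 16-byte buffer */
    { 16, 16, SEG_DATA, 1 },           /* 1: buffer directly adjacent to 0 */
    { 32, 32, SEG_CODE, 1 },           /* 2: executable, not writable */
};                                     /* 3: zero-filled, so invalid */

/* Every reference names (descriptor, offset); there is no raw address. */
enum fault check(unsigned d, size_t off, size_t n, enum access a)
{
    if (d >= NDESC || !table[d].valid) return FAULT_BAD_DESC;
    const struct descriptor *s = &table[d];
    if (a == ACC_EXEC && s->type != SEG_CODE) return FAULT_TYPE;
    if (a == ACC_WRITE && s->type == SEG_CODE) return FAULT_TYPE;
    if (off > s->length || n > s->length - off) return FAULT_BOUNDS;
    return FAULT_NONE;                 /* bounds test cannot wrap around */
}

enum fault desc_write(unsigned d, size_t off, const void *src, size_t n)
{
    enum fault f = check(d, off, n, ACC_WRITE);
    if (f == FAULT_NONE) memcpy(backing + table[d].base + off, src, n);
    return f;                          /* on a fault nothing is written */
}

enum fault desc_exec(unsigned d, size_t off) { return check(d, off, 1, ACC_EXEC); }

int main(void)
{
    char big[24];
    memset(big, 'A', sizeof big);
    printf("in-bounds write: %d\n", desc_write(0, 0, big, 16));
    printf("overrun into adjacent segment: %d\n", desc_write(0, 0, big, 24));
    printf("execute data segment: %d\n", desc_exec(1, 0));
    return 0;
}
```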