Bugtraq mailing list archives
Re: http://www.smashguard.org
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Fri, 30 Apr 2004 18:45:42 -0600
The idea is not to create "custom CPUs" but to have our modification picked up by major vendors. Clearly there is interest in applying hardware to solve security issues based on the latest press releases from AMD that AMD chips include buffer-overflow protection (see Computer World, January 15, 2004).As Theo said, the AMD buffer overflow "protection" is nothing more than sensible separation of R and X bits per page, fixing a glaring andActually it is not "sensible", and it is not separation. You can have r--, r-x, but you can't have --x.
Oh for the record. A few chips make it possible to have --x permissions. alpha (I am not positive) sparc64 (I am not positive) ia64 hppa amd29k m88k The first two have software tlb refillers with a split tlb architecture, but I am not sure if there is tlb "leak" The next three have specific page table bits for kernel (r w x) and user (r w x). The last has a harvard-style split mmu (entirely different mmu for code and data), and it should be possible to play games to do it...
Current thread:
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Nicholas Weaver (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Coleman Kane (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)