Dailydave mailing list archives
RE: We have met the enemy, and the enemy is ... you.
From: jnf <jnf () nosec net>
Date: Tue, 11 Apr 2006 18:28:43 -0700 (PDT)
What I've never understood is why functionality available on the platform itself is not used as a means of preventing common vulnerabilities? For instance on the x86 platform you have the bound and into instructions that determine if a pointer is still within bounds and if an int overflow has occurred, respectively. A while back Theo made a big deal about int overflows and how they were undetectable to the program, however that's only at the level of the source; at the assembly level they are detectable and preventable. Surely it would impact performance to some degree, but at least in some arenas high security is valued over high performance.

What's interesting about this approach is that it could be accomplished at the layer of abstraction where the problem itself exists and be transparent to the user of the API. (For instance, when a new variable is allocated we would allocate the bounds data structure and then wrap every write to the region with the bounds instruction.) This could be implemented at a compiler level and significantly affect the overall security.

Thoughts?

--
There are only two choices in life. You either conform the truth to your desire, or you conform your desire to the truth. Which choice are you making?

On Tue, 11 Apr 2006 pageexec () freemail hu wrote:

Date: Tue, 11 Apr 2006 17:43:58 +0200
From: pageexec () freemail hu
To: dailydave <dailydave () lists immunitysec com>, "Knape, Joe" <joe.knape () cingular com>
Subject: RE: [Dailydave] We have met the enemy, and the enemy is ... you.

On 10 Apr 2006 at 16:13, Knape, Joe wrote:

My "group" has also been looking at a "suite" of products that includes a "Memory Firewall" and "LiveShield" from a company called Determina. They make some bold claims and I've been testing it in a lab setup but I'd like to hear if anyone has been using it in a real-world environment?

Determina's product is based on the research done at MIT under the DynamoRIO project. google for "program shepherding" (and the misspelled "sheperding" version) to find all you wanted to know. in my opinion, program shepherding is the only other technology that measures up to PaX, and for now it does even more in fact (deterministic ret2libc attack prevention). unfortunately source code has never been published, so some claims of security cannot be verified (e.g., their research paper mentions then unresolved issues with multithreaded apps).
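The scheme jnf describes above (a bounds record allocated with each variable, every write wrapped in a bounds check, integer overflow caught below the source level), sketched in software as an added example that is not part of the original thread. The struct and function names are hypothetical; the range test stands in for `bound` and the GCC/Clang builtin `__builtin_add_overflow` stands in for an add followed by `into`, since both instructions are invalid in 64-bit mode.

```c
#include <stdlib.h>

/* Bounds record stored beside each allocation: the same lower/upper pair
 * that the x86 BOUND instruction reads from its memory operand. */
struct bounded_buf {
    unsigned char *base;
    long lower;              /* lowest valid index */
    long upper;              /* highest valid index (inclusive) */
};

/* Allocation wrapper: the region and its bounds record are created together. */
int bb_alloc(struct bounded_buf *b, long n) {
    if (n <= 0 || (b->base = calloc((size_t)n, 1)) == NULL)
        return -1;
    b->lower = 0;
    b->upper = n - 1;
    return 0;
}

/* Software stand-in for BOUND: the instruction raises #BR when the index is
 * outside [lower, upper]; here the caller gets -1 instead of a trap. */
static int bound_check(const struct bounded_buf *b, long idx) {
    return (idx < b->lower || idx > b->upper) ? -1 : 0;
}

/* Every write to the region goes through the check. */
int bb_write(struct bounded_buf *b, long idx, unsigned char v) {
    if (bound_check(b, idx) != 0)
        return -1;
    b->base[idx] = v;
    return 0;
}

/* Software stand-in for ADD followed by INTO: report the signed overflow
 * that the CPU records in the OF flag (GCC/Clang builtin, an assumption). */
int checked_add(long a, long b, long *sum) {
    return __builtin_add_overflow(a, b, sum) ? -1 : 0;
}

/* Index arithmetic and store combined: offset + delta is computed with the
 * overflow check, then bounds-checked before the write happens. */
int bb_write_at(struct bounded_buf *b, long offset, long delta, unsigned char v) {
    long idx;
    if (checked_add(offset, delta, &idx) != 0)
        return -1;
    return bb_write(b, idx, v);
}
```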