Full Disclosure mailing list archives
Re: Cisco IOS Shellcode Presentation
From: Jason Coombs <jasonc () science org>
Date: Fri, 29 Jul 2005 16:28:31 -1000
Valdis.Kletnieks () vt edu wrote:
On Fri, 29 Jul 2005 15:02:51 -1000, Jason Coombs said:redesign, fundamentally, the turing machine so that before each operation is performed a verification step is employed to ensure thatAhem. No. You *can't* "ensure" it (although you *can* do things like bounds checking to *minimize* issues). It's called the Turing Halting Problem
We're not talking about proving/disproving the result of computation here, we're talking about a simple logical step inserted prior to transmission of operating instructions and data to a turing machine.
It does not invoke the Turing Halting Problem to ask the question "should the following opcode be sent to the CPU / should the opcode be read from memory and acted upon" ?
The simplest solution is to duplicate the machine code, placing one copy in a protected storage and requiring the CPU to confirm that both the active/RAM-resident copy and the protected storage copy match before proceeding with computation.
This is superior to simply reading machine code from a protected storage because the point is that malicious arbitrary code that overwrites or reprograms or inserts itself into the runtime memory space of an active process would easily defeat a volatile copy of a non-volatile protected storage image of some machine code. Only by requiring the CPU to perform a validation of each opcode instruction but allowing the CPU to continue to behave in all other respects as it behaves today does the protection arise. Other approaches are possible, but the basic idea of a separate supply of bits useful for the runtime authentication of opcodes remains the same.
Turing has nothing to say on this subject because he never contemplated it, to the best of my knowledge. Turing never tried to defend against buffer overflows back in the 1930s, yet people invoke him as a sage unerring philosopher of our time. Why?
Regards, Jason Coombs jasonc () science org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Cisco IOS Shellcode Presentation, (continued)
- Re: Cisco IOS Shellcode Presentation Randall Perry (Jul 29)
- Re: Cisco IOS Shellcode Presentation Valdis . Kletnieks (Jul 29)
- Re: Cisco IOS Shellcode Presentation Jochen Kaiser (Jul 29)
- Re: Cisco IOS Shellcode Presentation Valdis . Kletnieks (Jul 29)
- Re: Cisco IOS Shellcode Presentation J.A. Terranson (Jul 29)
- Re: Cisco IOS Shellcode Presentation Frank Knobbe (Jul 29)
- Re: Cisco IOS Shellcode Presentation Andrew R. Reiter (Jul 29)
- Re: Cisco IOS Shellcode Presentation J.A. Terranson (Jul 29)
- Re: Cisco IOS Shellcode Presentation Jason Coombs (Jul 29)
- Re: Cisco IOS Shellcode Presentation Valdis . Kletnieks (Jul 29)
- Re: Cisco IOS Shellcode Presentation Jason Coombs (Jul 29)
- Re: Cisco IOS Shellcode Presentation Valdis . Kletnieks (Jul 29)
- Re: Cisco IOS Shellcode Presentation lsi (Jul 30)
- Re: Cisco IOS Shellcode Presentation Valdis . Kletnieks (Jul 29)
- Re: Cisco IOS Shellcode Presentation J.A. Terranson (Jul 29)
- RE: Cisco IOS Shellcode Presentation Geo. (Jul 29)
- Re: Cisco IOS Shellcode Presentation Jason (Jul 29)
- Re: Cisco IOS Shellcode Presentation Pavel Kankovsky (Jul 30)
- Re: Cisco IOS Shellcode Presentation Ron DuFresne (Jul 29)
- Re: Cisco IOS Shellcode Presentation Micheal Espinola Jr (Jul 30)