another great leap backwood

[Dave Farber <dave () farber net>]

Those that don't know the past are doomed to reinvent it. Djf


------ Forwarded Message
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 10 May 2003 17:17:39 -0700 (PDT)
To: risks () csl sri com
Subject: Risks Digest 22.72


Date: Sun, 4 May 2003 14:30:51 +0800
From: "Jeremy Ardley" <jeremy () electrosilk net>
Subject: Re: OpenBSD release protects against buffer-overflow attacks (R
22-71)

It is commendable that the FreeBSD group is doing protecting against buffer
overflow attacks.

What is not so apparent is why technology that was developed and operating
over 30 years ago is just being re-invented in software.

The Burroughs 6700 implemented a hardware solution to the problem by
assigning 3 bits of very 51 bit memory location to the type of data
contained.

Memory that was tagged as data could not be executed. The result was that no
stack overflow attack was possible.

Today's Intel based fix is appears to be a hack to work around a deficient
architecture.  The question that arises is why the architecture of today
ignores the solid groundwork or previous years?

  [Because mass-market operating systems don't use the protection that is
  available in today's hardware.  Note that Multics had a similar execute
  bit solution in 1965 that prevented execution of data.  Executable
  attachments are clearly an abomination.  PGN]

------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/