Penetration Testing mailing list archives

Re: [PEN-TEST] Crusoe chip. (fwd)


From: "Shetron, Richard" <multics () ruserved com>
Date: Wed, 8 Nov 2000 08:18:14 -0500

You might want to look at some of the Multics information at
www.multicians.org regarding security.  IIRC out of the box, Multics
installs at a B2 security level.  Multics had read, execute, write
protection flags on all segments enforced by hardware and used by
software.  Stacks/heaps were always read/write, programs were always
read/execute.

There was also a ring protection as well.  Instead of just user/supervisor
modes there were 4 supervisor modes and 4 user modes.  A lower security
mode was not allowed to change or access a higher security mode segment
depending on the 'ring brackets'.

From the Multics standpoint, this discussion on stack/heap protection
is late 60's technology and has been in standard use for over 30 years.

Forwarded message:

As Craig said, the good folks on Bugtraq have demonstrated that
preventing execution in the stack doesn't actually add important
protection, it just changes the way you have to mount your attack.

Furthermore, it would break various techniques that various language
implementations use, that legitimately require executing in the
stack. Some compilers like to generate code that installs trampoline
instructions into the stack (I believe this is mostly to help ease
interfacing between wildly different calling conventions); some
compile-n-go implementations might want to execute out of stack
storage.

If there were a real and important security benefit to a non-exec
stack, then the potential compatibility problems could be lived
with, as each could be fixed if the implementor chose. But they
point up a potential cost, and as the only benefit to a non-exec
stack is effectively security through obscurity --- if the attacker
knows you're doing it they can dodge --- it just doesn't seem worth
implementing. Of course the benefit would be greatest if you did a
private, one-off implementation. But implementation costs, and costs
of dealing with any resulting compatibility problems, are the
highest --- because they're not shared --- for such one-offs.

-Bennett


--
Richard Shetron  multics () ruserved com multics () acm rpi edu  NO UCE
What is the Meaning of Life?      There is no meaning,
It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
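
The split described in this message (stacks and heaps read/write, program text read/execute) can be audited on a running process. The following is an added example, not part of the original message or thread: it assumes the Linux `/proc/<pid>/maps` text format, and the sample mappings and the function names `parse_maps` and `audit` are constructed for illustration.

```python
import re

# Constructed sample in Linux /proc/<pid>/maps format (not from the original message).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /usr/bin/demo
0060a000-0060b000 r--p 0000a000 08:01 131090 /usr/bin/demo
0060b000-0060c000 rw-p 0000b000 08:01 131090 /usr/bin/demo
01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]
7f2a1c000000-7f2a1c021000 rwxp 00000000 00:00 0
7ffd4a1e0000-7ffd4a201000 rwxp 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [pathname]
LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(.*)$"
)

def parse_maps(text):
    """Return one dict per mapping; lines that do not match the format are skipped."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, name = m.groups()
        regions.append({
            "start": int(start, 16),
            "size": int(end, 16) - int(start, 16),
            "perms": perms,
            "name": name or "<anonymous>",
        })
    return regions

def audit(regions):
    """Flag mappings that break the 'data is r/w, code is r/x' rule."""
    findings = []
    for r in regions:
        writable = "w" in r["perms"]
        executable = "x" in r["perms"]
        if r["name"] in ("[stack]", "[heap]") and executable:
            findings.append(("exec-data", r))    # stack or heap marked executable
        elif writable and executable:
            findings.append(("write+exec", r))   # any other region both w and x
    return findings

if __name__ == "__main__":
    for kind, r in audit(parse_maps(SAMPLE_MAPS)):
        print(f"{kind:10} {r['start']:#x} {r['size']:>8} {r['perms']} {r['name']}")
```

To audit a live process, pass the contents of `/proc/<pid>/maps` to `parse_maps` in place of the constructed sample.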

