DJK(John) Robinson
djkr at msn.com
Sun Feb 27 16:01:08 CST 2005
Just for the record ... ICL mainframes from the early 70s (that's the
1970s - more than thirty years ago!) had two things in hardware, both
exploited by operating system software:

1. EPB (Execute Permission Bit) had to be set to allow code execution.
   By default it was not set.

2. Bounded descriptors. A pointer wasn't just an address (to the start
   of a buffer), but also said how big the buffer was. Hardware
   interrupted if you tried to write past the end.

Results? NO data executed as code; NO buffer overruns. Period.

Great innovations from Intel/MS? Hmmph!

John

> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
> MartyConnelly
> Sent: 27 February 2005 18:13
> To: Discussion of Hardware and Software issues
> Subject: Re: [dba-Tech] AV product breaches
>
>
> You can also approach this through hardware. I believe some IBM
> mainframes have had this for years.
> On desktop CPUs this method has several names. Microsoft has several
> names, and so do Intel and AMD.
> This has to be checked before implementation in production
> environments.
>
> See execute disable bit. Win XP SP2 enables it on 32 bit
> machines.
> http://www.intel.com/business/bss/infrastructure/security/flash.htm
>
> One solution is to use Win XP SP2 and brand new Intel or AMD 32 bit
> chips with Execute Disable bit set.
> Right now it is only available in Intel Itanium servers and
> AMD Athlon 64 bit servers.
> http://www.intel.com/business/bss/infrastructure/security/xdbit.htm
>
> What it does is set apart pages of memory to be data only, so code
> cannot be executed from them.
>
> http://www.intel.com/business/bss/infrastructure/security/flash.htm
>
> On CPUs that support execution protection (NX) technology, Windows XP
> Service Pack 2 marks data pages non-executable. This feature of the
> underlying hardware prevents execution of code from pages marked in
> this way. This prevents attackers from overrunning a marked data
> buffer with code and then executing the code; it would have stopped
> the Blaster worm dead in its tracks. The only processor families that
> currently support NX are the 64-bit AMD K8 and Intel Itanium; however,
> Microsoft expects future 32-bit and 64-bit processors to provide
> hardware based execution protection. In addition to supporting NX,
> Service Pack 2 implements sandboxing. All binaries in the system have
> been recompiled with buffer security checks enabled to allow the
> runtime libraries to catch most stack buffer overruns, and "cookies"
> have been added to the heap to allow the runtime libraries to catch
> most heap buffer overruns.
>
> Steve Erbach wrote:
>
> >John,
> >
> >FWIW, Jerry Pournelle has commented on his web site that all the
> >focus on C++ over the years is reaping the whirlwind, so to speak.
> >That is, with a more strongly typed language, there would be no such
> >thing as buffer overflows. Do you or does anyone else here have a
> >feel for that?
> >
> >Steve Erbach
> >
> >
> >On Fri, 25 Feb 2005 15:45:06 -0600, John Bartow <john at winhaven.net>
> >wrote:
> >
> >
> >>Just got this from Watchguard:
> >>
> >>Trend Micro AV Ushers Hackers Right In
> >>
> >>* <http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution>
> >>Trend Micro's ARJ Buffer Overflow Alert
> >>
> >>A similar thing happened to Symantec a couple weeks ago:
> >>* <http://xforce.iss.net/xforce/alerts/id/189> ISS X-Force's ARJ
> >>Buffer Overflow Alert
> >>
> >>John B.
> >>
> >>
> >_______________________________________________
> >dba-Tech mailing list
> >dba-Tech at databaseadvisors.com
> >http://databaseadvisors.com/mailman/listinfo/dba-tech
> >Website: http://www.databaseadvisors.com
> >
> >
> --
> Marty Connelly
> Victoria, B.C.
> Canada
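The two hardware checks John describes (a bounded descriptor that faults on a write past the end of the buffer, and an execute-permission bit that faults when data is run as code) map directly onto what Marty's quoted text calls NX/Execute Disable. The following is an added example, not code from anyone in this thread: it emulates both on a modern Linux box, the descriptor as a {base, length} pair with a checked copy, the execute bit with mmap/mprotect page permissions. The struct and function names, the constructed "return 42" machine-code stub, and the assumption of x86-64 or AArch64 Linux are all mine; on other architectures the execute test reports "unsupported" rather than running.

```c
/* Added example: software emulation of ICL-style bounded descriptors and
 * an execute-permission bit, using Linux page protections.
 * Assumes Linux on x86-64 or AArch64 (constructed, not from the thread).
 * Build: cc nx_demo.c -o nx_demo */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1. Bounded descriptor: the pointer carries its own limit. */
typedef struct {
    unsigned char *base;
    size_t         len;
} bounded_desc;

/* Returns 1 if the copy fits, 0 if it would run past the end (the case
 * where the ICL hardware raised an interrupt). Nothing is written on the
 * overrun path, so a too-long ARJ header could not smash anything. */
int desc_copy(bounded_desc d, size_t off, const void *src, size_t n)
{
    if (off > d.len || n > d.len - off)   /* no off+n overflow possible */
        return 0;
    memcpy(d.base + off, src, n);
    return 1;
}

/* 2. Execute permission: run bytes from a page with or without PROT_EXEC. */
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Constructed machine-code stub meaning "return 42". */
#if defined(__x86_64__)
static const unsigned char ret42[] = { 0xb8, 0x2a, 0, 0, 0, 0xc3 };        /* mov eax,42; ret */
#define HAVE_STUB 1
#elif defined(__aarch64__)
static const unsigned char ret42[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42; ret */
#define HAVE_STUB 1
#else
static const unsigned char ret42[] = { 0 };
#define HAVE_STUB 0
#endif

/* Writes the stub into a fresh page as ordinary data and calls it.
 * Returns 42 if it ran, -1 if the CPU refused to execute the page
 * (the NX / execute-bit check), -2 if setup failed or arch unsupported. */
int run_from_page(int executable)
{
    if (!HAVE_STUB)
        return -2;
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -2;

    bounded_desc d = { page, pagesz };
    desc_copy(d, 0, ret42, sizeof ret42);          /* "data" lands in the buffer */

    if (executable) {                              /* set the execute bit */
        if (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
            munmap(page, pagesz);
            return -2;
        }
        __builtin___clear_cache((char *)page, (char *)page + pagesz);
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);             /* data pointer -> code pointer */
        result = fn();                             /* faults here without PROT_EXEC */
    } else {
        result = -1;                               /* hardware blocked the fetch */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return result;
}

int main(void)
{
    unsigned char buf[16];
    bounded_desc d = { buf, sizeof buf };
    printf("16 bytes into 16-byte descriptor: %s\n",
           desc_copy(d, 0, "0123456789abcdef", 16) ? "ok" : "blocked");
    printf("17 bytes into 16-byte descriptor: %s\n",
           desc_copy(d, 0, "0123456789abcdefg", 17) ? "ok" : "blocked");
    printf("call into RW page (no execute bit): %d\n", run_from_page(0));
    printf("call into RX page (execute bit set): %d\n", run_from_page(1));
    return 0;
}
```

The descriptor check is the one any C programmer can adopt today: keep the length next to the pointer and test it before every write. The execute-bit half only works because the kernel and CPU honour page permissions; on a system where a hardening policy forbids PROT_EXEC on anonymous memory the mprotect call fails and run_from_page(1) reports -2 instead of 42, which is the expected behaviour there, not a bug.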