MartyConnelly
martyconnelly at shaw.ca
Sun Feb 27 12:13:12 CST 2005
You can also approach this through hardware, I believe some IBM mainframes have had this for years On desktop cpu's this method has several names. Microsoft has several names so does Intel and AMD. This has to be checked before implementation in production environments. See execute disable bit Win XP SP 2 enables it on 32 bit machines http://www.intel.com/business/bss/infrastructure/security/flash.htm One solution is to use Win XP SP2 and brand new Intel or AMD 32 bit chips with Execute Disable bit set Right now it is only available in Intel Itanium Servers and AMD Athalon 64 bit servers. http://www.intel.com/business/bss/infrastructure/security/xdbit.htm What it does, is set apart pages of memory to be data only, so code cannot be executed from it. http://www.intel.com/business/bss/infrastructure/security/flash.htm On CPUs that support execution protection (NX) technology, Windows XP Service Pack 2 marks data pages non-executable. This feature of the underlying hardware prevents execution of code from pages marked in this way. This prevents attackers from overrunning a marked data buffer with code and then executing the code; it would have stopped the Blaster worm dead in its tracks. The only processor families that currently support NX are the 64-bit AMD K8 and Intel Itanium; however, Microsoft expects future 32-bit and 64-bit processors to provide hardware based execution protection.. In addition to supporting NX, Service Pack 2 implements sandboxing. All binaries in the system have been recompiled with buffer security checks enabled to allow the runtime libraries to catch most stack buffer overruns, and "cookies" have been added to the heap to allow the runtime libraries to catch most heap buffer overruns. Steve Erbach wrote: >John, > >FWIW, Jerry Pournelle has commented on his web site that all the focus >on C++ over the years is reaping the whirlwind, so to speak. That is, >with a more strongly typed language, there would be no such thing as >buffer overflows. Do you or does anyone else here have a feel for >that? > >Steve Erbach > > >On Fri, 25 Feb 2005 15:45:06 -0600, John Bartow <john at winhaven.net> wrote: > > >>Just got this from Watchguard: >> >>Trend Micro AV Ushers Hackers Right In >> >>* >><http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerabil >>ity+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution> Trend Micro's >>ARJ Buffer Overflow Alert >> >>A similar thin ghappened to Symantec a couple weeks ago: >>* <http://xforce.iss.net/xforce/alerts/id/189> ISS X-Force's ARJ >>Buffer Overflow Alert >> >>John B. >> >> >_______________________________________________ >dba-Tech mailing list >dba-Tech at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-tech >Website: http://www.databaseadvisors.com > > > -- Marty Connelly Victoria, B.C. Canada