Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Announcing RSX - non exec stack/heap module
From: Thomas Dullien <Dullien () gmx net>
Date: Thu, 7 Jun 2001 14:08:11 +0200 (MEST)

It would appearat first glance  that RSX uses the same technique as PAX.
Naturally, the PAX and RSX teams should confer to make a definitive
statement on similarities and differences.

Just for the record, the technique bears no similarity. PAX provides
real, non-executable PAGES on x86 -- RSX remaps the heap segments
outside of the code segment limit. 

Sometimes it is a pity there is such a grotesque lack of understanding
of x86 operating system architecture around.
(This is not intendet to be an attack towards anyone, please do not take
this personally. It is just a general observation that a lack of
can lead to security problems -- see the recent FreeBSD/Solaris patch 
concerning GDT descriptors which cost Argus half a fortune :-)

Generally, I have to agree with Crispins statements to a certain degree:
While it is possible to argue that both PAX and RSX are obscurity defenses,
at least PAX can, when properly implemented, stop ALL foreign-code execution
and make sure only code that resides inside the process address space
can be executed. 

dullien () gmx de

Machen Sie Ihr Hobby zu Geld bei unserem Partner 1&1!

GMX - Die Kommunikationsplattform im Internet.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]