Bugtraq: Re: http://www.smashguard.org

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: http://www.smashguard.org

From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Fri, 30 Apr 2004 18:45:42 -0600

The idea is not to create "custom CPUs" but to have our modification
picked up by major vendors.  Clearly there is interest in applying
hardware to solve security issues based on the latest press releases
from AMD that AMD chips include buffer-overflow protection (see
Computer World, January 15, 2004).

As Theo said, the AMD buffer overflow "protection" is nothing more than 
sensible separation of R and X bits per page, fixing a glaring and


Actually it is not "sensible", and it is not separation.

You can have r--, r-x, but you can't have --x.


Oh for the record.  A few chips make it possible to have --x
permissions.

alpha (I am not positive)
sparc64 (I am not positive)

ia64
hppa
amd29k

m88k

The first two have software tlb refillers with a split tlb architecture,
but I am not sure if there is tlb "leak"

The next three have specific page table bits for kernel (r w x) and
user (r w x).

The last has a harvard-style split mmu (entirely different mmu for
code and data), and it should be possible to play games to do it...

By Date By Thread

Current thread:

Re: http://www.smashguard.org, (continued)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
  - Re: http://www.smashguard.org Pavel Machek (Apr 30)
    - Re: http://www.smashguard.org Nicholas Weaver (May 01)
  - Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Coleman Kane (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)