Penetration Testing: Re: [PEN-TEST] Crusoe chip.

From: Craig Anderson <craig_at_XTIME.COM>
Date: Tue, 7 Nov 2000 18:22:37 +0000

On Tue, 7 Nov 2000, Robert van der Meulen wrote:

> Hi,
>
> Quoting Ben Ford (bford_at_TALONTECH.COM):
> > My question is this: Because the x86 architecture is only software
> > emulated on the Crusoe chip, could that chip (or the software layer
> > emulating the x86) detect when a buffer overflow was happening and head
> > off any code execution, thereby eliminating the root exploit?
> Why would you want to detect it, when you can disable the execution flag on
> the segments where you don't want it (bss/stack, etc) ?
> Afaik if you're mucking around in the software-x86 emulation anyways, it's
> better to fix stuff than to only detect it :)
>

<--( SNIP )-->

  Disabling execution on the Heap/BSS doesn't solve everything. You
don't need to 'execute' anything to be malicious, although the ability to
execute arbitrary code is still very useful for all malicious intents and
purposes.

  Why would you want to detect such activities? Why not? It is always
useful to see the myriad of attacks being performed on your resources as
long as it's not too costly in nature.

  The true fix is to start writing solid code with emphasis on minimal
privileged execution, which is much easier said than done of course.. so
anything along the way to help detect and deter is still useful IMHO ;)

-- Craig
Received on Nov 09 2000
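
The point above, that a non-executable heap/BSS/stack leaves data-only corruption untouched, as an added example that is not part of the original post. The layout, names and 17-byte input are constructed for illustration: an unchecked copy flips an adjacent privilege flag without any injected code running, while a length check rejects the input and gives the caller something to log.

```c
#include <stdio.h>
#include <string.h>
/* Constructed layout: a 16-byte name buffer with a privilege flag in the
 * very next byte. A flat array models the adjacency in well-defined C. */
#define NAME_LEN   16
#define FLAG_OFF   NAME_LEN
#define REGION_LEN (NAME_LEN + 1)
struct session { unsigned char mem[REGION_LEN]; };

static void session_init(struct session *s) { memset(s->mem, 0, sizeof s->mem); }
static int  is_admin(const struct session *s) { return s->mem[FLAG_OFF] != 0; }

/* Unsafe: copies n bytes without comparing n to NAME_LEN (clamped only to
 * the modelled region). A 17-byte name overwrites the flag; no code runs. */
static void set_name_unchecked(struct session *s, const char *in, size_t n)
{
    if (n > REGION_LEN) n = REGION_LEN;
    memcpy(s->mem, in, n);
}

/* Hardened: refuses input that does not fit, so the caller can log it. */
static int set_name_checked(struct session *s, const char *in, size_t n)
{
    if (n >= NAME_LEN) return -1;
    memcpy(s->mem, in, n);
    s->mem[n] = '\0';
    return 0;
}

/* Returns the flag after a constructed 17-byte input hits the unsafe path. */
static int flag_after_unchecked(void)
{
    struct session s; char in[REGION_LEN];
    session_init(&s); memset(in, 'A', sizeof in);
    set_name_unchecked(&s, in, sizeof in);
    return is_admin(&s);
}

/* Returns 1 if the hardened path rejected the same input and kept the flag. */
static int checked_rejects_overflow(void)
{
    struct session s; char in[REGION_LEN];
    session_init(&s); memset(in, 'A', sizeof in);
    return set_name_checked(&s, in, sizeof in) == -1 && !is_admin(&s);
}

int main(void)
{
    printf("unchecked=%d checked_rejects=%d\n", flag_after_unchecked(), checked_rejects_overflow());
    return 0;
}
```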
