Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Crusoe chip.
From: Craig Anderson <craig () XTIME COM>
Date: Tue, 7 Nov 2000 18:22:37 +0000

On Tue, 7 Nov 2000, Robert van der Meulen wrote:

Hi,

Quoting Ben Ford (bford () TALONTECH COM):
My question is this:  Because the x86 architecture is only software
emulated on the Crusoe chip, could that chip (or the software layer
emulating the x86) detect when a buffer overflow was happening and head
off any code execution, thereby eliminating the root exploit?
Why would you want to detect it, when you can disable the execution flag on
the segments where you don't want it (bss/stack, etc) ?
Afaik if you're mucking around in the software-x86 emulation anyways, it's
better to fix stuff than to only detect it :)



<--( SNIP )-->

  Disabling execution on the Heap/BSS doesn't solve everything.  You
don't need to 'execute' anything to be malicious, although the ability to
execute arbitrary code is still very useful for all malicious intents and
purposes.

  Why would you want to dectect such activities?   Why not?  It is always
useful to see the myriad of attacks being performed on your resources as
long as it's not too costly in nature.

  The true fix is to start writing solid code with emphasis on minimal
privileged execution, which is much easier said than done of course.. so
anything along the way to help detect and deter is still useful IMHO ;)


-- Craig


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]