Subject: Re: Buffer Overflows
From: Jim Dennis (jimd starshine.org)
Date: Thu Apr 27 2000 - 02:18:37 CDT
> How about it - why not implement a kernel solution to enforce memory
> boundaries so people don't have to worry about buffer overflows in their
> programming anymore (like it has been, anyway)? What does it take? How
> expensive would it be in terms of cpu performance? Is this the aim of the
> libsafe creators and the kernel group?
> With regards,
> Douglas Ostling
> Internet Entrepreneur
Sounds like you're suggesting implementing a software version of a
"Harvard architecture" (with strict separation of code and data
and function/return pointers stored separately from I/O and
data buffers).
Basically you could also redesign compilers to generate code
that never passes data on the stack and only stores heap and
return pointers.
I personally think this would be a vast improvement in code
robustness. You might still be able to corrupt data with buggy
code --- but hopefully the design would fail safe!
(This is the worst problem with the toolchain and model ---
the code isn't failsafe. When someone does break a bit of
code it is obviously possible to use that failure to subvert
the process and thereby deliberately make it do very UNSAFE
things).
Of course I'm not a kernel designer nor am I qualified to
write compilers. I have no idea how much this would
break. I have no idea if it's feasible, what its performance
characteristics would be, and whether it violates any
standards or would necessitate a lot of rework of the
applications (if it would be a hard porting target).
So, though I've thought about this approach abstractly several
times over the years, I've never pursued it very far.
Nice of you to bring up the idea. Hasn't anyone tried it
before?
-- Jim Dennis jdennislinuxcare.com Linuxcare: Linux Corporate Support Team: http://www.linuxcare.com
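
Added example, not part of Jim Dennis's message or any project's code: a simulated call frame in C contrasting the conventional layout with the separated layout the reply describes, where return pointers are kept apart from data buffers. The region sizes, byte values and function names are constructed for illustration, and the copy is clamped to the simulated region so no real overflow occurs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN  8     /* callee's local buffer (constructed size) */
#define MEM_SIZE 32    /* size of each simulated memory region */
#define RET_OK   0x10  /* constructed "legitimate" return address */
#define FILL     0x41  /* constructed byte written by the over-long input */

struct outcome { uint8_t ret; uint8_t neighbour; };

/* Models an unchecked strcpy-style copy of n bytes into the buffer at
 * offset 0; clamped to the simulated region to keep the demo defined. */
static void buggy_copy(uint8_t *region, size_t n)
{
    if (n > MEM_SIZE) n = MEM_SIZE;
    memset(region, FILL, n);
}

/* Conventional frame: buffer, a neighbouring local, then the saved
 * return address, all in one region reachable by data writes. */
struct outcome call_unified(size_t n)
{
    uint8_t stack[MEM_SIZE] = {0};
    stack[BUF_LEN + 1] = RET_OK;
    buggy_copy(stack, n);
    return (struct outcome){ stack[BUF_LEN + 1], stack[BUF_LEN] };
}

/* Split frame: return addresses live in a control region that data
 * writes never address, so the overrun damages only other data. */
struct outcome call_split(size_t n)
{
    uint8_t data[MEM_SIZE] = {0};
    uint8_t control[MEM_SIZE] = {0};
    control[0] = RET_OK;
    buggy_copy(data, n);
    return (struct outcome){ control[0], data[BUF_LEN] };
}

int main(void)
{
    struct outcome u = call_unified(12), s = call_split(12);
    printf("unified: ret=0x%02x neighbour=0x%02x\n", u.ret, u.neighbour);
    printf("split:   ret=0x%02x neighbour=0x%02x\n", s.ret, s.neighbour);
    return 0;
}
```

In the split case the neighbouring data is still corrupted while the return address survives, which is the "corrupt data but fail safe" outcome the message hopes for.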