
Re: Rep:Rep:Re: Rep:Re: [f-cpu] Stack handling



hi,

Nicolas Boulay wrote:
> 
> Another idea for security :
> 
> One of my ideas is to use a separate stack for return addresses to avoid
> buffer overflow. But this new stack is in memory with read/write rights
> for this task. If another way is found to modify the memory place, it's
> always possible.
> 
>  (I should find again an article where they explain how to bypass the
> non-execute right on the stack by writing inside libraries' address space (that
> could be protected by a ring ?) or by executing exec() with the right
> parameter (/sbin/sh ! ;p) ).
> 
> So what about creating 2 store instructions ? One manipulates data
> visible to the user and the other one is for "internal" management such as
> return addresses. Then we add a new bit in the MMU to allow a page to be
> accessed (or not) by the "user" store.
> 
> This userStore could be used when manipulating arrays and pointers.
> Stacks will be manipulated with the sysStore instruction inside a
> protected page.
> 
> Comments ?

1) security in FC0 is enforced through the SRs and the TLB.

2) there can be only one kind of load and store instructions
   because there are already a lot of variations around it.

3) maybe a compromise would be to use the "stream" flags :
   computers that recognize it can set up a specific right or
   protection mechanism. Others (like embedded stuff with no
   security problems) could simply not care, and the SW portability
   would work at no cost.

> nicO
WHYGEE
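The two-store idea quoted above, simulated as an added example (not code from the f-cpu project or from either poster): a per-page flag decides whether the ordinary user store may write the page, while return addresses live on a page that only the sysStore used by the call sequence can reach. The names (store_user, store_sys, P_USTORE, machine_t) and the page layout are assumptions of this toy model.

```c
#include <stdint.h>
#include <string.h>

/* Toy model of the two-store proposal (added example, not f-cpu code): every
 * page carries a flag saying whether the ordinary "user" store may write it. */
#define PAGE_SHIFT 8                      /* 256-byte pages, 4 of them */
#define MEM_SIZE   (4 << PAGE_SHIFT)
enum { P_WRITE = 1, P_USTORE = 2 };       /* P_USTORE: user store allowed here */

typedef struct {
    uint8_t  mem[MEM_SIZE];
    uint8_t  pflags[MEM_SIZE >> PAGE_SHIFT];
    uint32_t rsp;                          /* return-address stack pointer */
} machine_t;

static int in_range(uint32_t addr) { return addr <= MEM_SIZE - 4; }
static int store(machine_t *m, uint32_t addr, uint32_t val, uint8_t need) {
    if (!in_range(addr) || (m->pflags[addr >> PAGE_SHIFT] & need) != need) return -1;
    memcpy(&m->mem[addr], &val, 4);        /* -1 above stands for a protection fault */
    return 0;
}
/* userStore (array and pointer writes) needs P_WRITE and P_USTORE;
 * sysStore (issued only by the call sequence) needs just P_WRITE. */
int store_user(machine_t *m, uint32_t a, uint32_t v) { return store(m, a, v, P_WRITE | P_USTORE); }
int store_sys (machine_t *m, uint32_t a, uint32_t v) { return store(m, a, v, P_WRITE); }

uint32_t load(const machine_t *m, uint32_t addr) {
    uint32_t v = 0;
    if (in_range(addr)) memcpy(&v, &m->mem[addr], 4);
    return v;
}

/* call pushes the return address with sysStore; ret pops it back. */
int call_push(machine_t *m, uint32_t ret) { m->rsp -= 4; return store_sys(m, m->rsp, ret); }
uint32_t ret_pop(machine_t *m) { uint32_t r = load(m, m->rsp); m->rsp += 4; return r; }

void machine_init(machine_t *m) {
    memset(m, 0, sizeof *m);
    m->pflags[0] = P_WRITE | P_USTORE;     /* data page: user stores allowed */
    m->pflags[1] = P_WRITE;                /* return stack page: sysStore only */
    m->rsp = 2 << PAGE_SHIFT;              /* stack grows down from top of page 1 */
}
/* Scenario: after a call, a stray user store (an array overrun, say) hits the
 * return-stack slot; it faults and the saved return address survives. */
int demo(void) {
    machine_t m; machine_init(&m);
    if (call_push(&m, 0x1234) != 0) return 0;
    int faulted = store_user(&m, m.rsp, 0xdead) == -1;
    return faulted && ret_pop(&m) == 0x1234;
}
```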
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/