
Re: Rep:Rep:Re: Rep:Re: [f-cpu] Stack handling



Yann Guidon wrote:
> 
> hi,
> 
> Nicolas Boulay wrote:
> >
> > Another idea for security :
> >
> > One of my ideas is to use a separate stack for return addresses to avoid
> > buffer overflow. But this new stack is in memory with read/write rights
> > for this task. If another way is found to modify the memory place, it's
> > always possible.
> >
> >  (I should find again an article where they explain how to bypass the
> > non-execute right on the stack by writing inside the libraries' address
> > space (that could be protected by a ring ?) or by executing exec() with
> > the right parameter (/sbin/sh ! ;p) ).
> >
> > So what about creating 2 store instructions ? One manipulates data
> > visible for the user and the other one for "internal" management as for
> > return address. Then we add a new bit on the MMU to allow a page to be
> > accessed (or not) by "user" store.
> >
> > This userStore could be used when manipulating arrays and pointers.
> > Stacks will be manipulated with the sysStore instruction inside a
> > protected page.
> >
> > Comments ?
> 
> 1) security in FC0 is enforced through the SRs and the TLB.

It's nothing new compared to other machines.

> 
> 2) there can be only one kind of load and store instructions
>    because there are already a lot of variations around it.
>

I don't see any problem. It's just a flag that follows the store.
 
> 3) maybe a compromise would be to use the "stream" flags :
>    computers that recognize it can setup a specific right or
>    protection mechanism. Others (like embedded stuff with no
>    security problems) could simply not care, and the SW portability
>    would work at no cost.
>

You should set a right on the page to have explicit protection !
 
> > nicO
> WHYGEE
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> *************************************************************
> To unsubscribe, send an e-mail to majordomo@seul.org with
> unsubscribe f-cpu       in the body. http://f-cpu.seul.org/
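
Added example, not part of the original message and not F-CPU code: a small C model of the proposal discussed in this thread, where return addresses are written with a "sys" store into a page whose MMU bit refuses "user" stores. The page size, addresses, the user_store_ok bit and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_WORDS 16u                 /* tiny pages keep the model readable */
#define NPAGES     4u
#define RET_SLOT   (2u * PAGE_WORDS)   /* return-address slot, first word of page 2 */
#define BUF_BASE   (RET_SLOT - 4u)     /* 4-word data buffer ending at the page boundary */
#define SAVED_RET  0x1000u             /* constructed return address */

enum store_kind { USER_STORE, SYS_STORE };

/* Hypothetical per-page MMU bit: may a user store write this page? */
static bool user_store_ok[NPAGES] = { true, true, false, true };
static uint32_t mem[NPAGES * PAGE_WORDS];   /* word-addressed memory */

/* Returns 0 on success, -1 on a bad address or a protection fault. */
static int store(enum store_kind kind, uint32_t addr, uint32_t val) {
    if (addr >= NPAGES * PAGE_WORDS) return -1;
    if (kind == USER_STORE && !user_store_ok[addr / PAGE_WORDS]) return -1;
    mem[addr] = val;
    return 0;
}

/* Saves the return address with a sys store, then copies n words into the
 * 4-word buffer with user stores and no bounds check (the bug being modelled).
 * Reports how many words landed and returns the return address afterwards. */
uint32_t call_with_unchecked_copy(bool page2_user_writable, unsigned n, unsigned *written) {
    unsigned i;
    user_store_ok[RET_SLOT / PAGE_WORDS] = page2_user_writable;
    store(SYS_STORE, RET_SLOT, SAVED_RET);
    for (i = 0; i < n; i++)
        if (store(USER_STORE, BUF_BASE + i, 0x41414141u) != 0) break; /* fault stops the copy */
    *written = i;
    return mem[RET_SLOT];
}

int main(void) {
    unsigned w;
    uint32_t ret = call_with_unchecked_copy(false, 6, &w);
    printf("protected page:   %u words written, return address 0x%x\n", w, (unsigned)ret);
    ret = call_with_unchecked_copy(true, 6, &w);
    printf("unprotected page: %u words written, return address 0x%x\n", w, (unsigned)ret);
    return 0;
}
```

The model only covers the linear-overflow case; any code path that issues a sys store to an address the task controls would still reach the protected page.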