Re: Rep:Rep:Re: Rep:Re: [f-cpu] Stack handling
Yann Guidon wrote:
>
> hi,
>
> Nicolas Boulay wrote:
> >
> > Another idea for security :
> >
> > One of my ideas is to use a separate stack for the return address to avoid
> > buffer overflow. But this new stack is in memory with read/write right
> > by this task. If another way is found to modify the memory place, it's
> > always possible.
> >
> > (I should find again an article where they explain how to bypass the
> > non-execute right on the stack by writing inside the libraries' address
> > space (that could be protected by a ring ?) or by executing exec() with
> > the good parameter (/sbin/sh ! ;p) ).
> >
> > So what about creating 2 store instructions ? One manipulates data
> > visible for the user and the other one for "internal" management as for
> > return address. Then we add a new bit on the MMU to allow a page to be
> > accessed (or not) by "user" store.
> >
> > This userStore could be used when manipulating array and pointers.
> > Stacks will be manipulated with the sysStore instruction inside a
> > protected page.
> >
> > Comments ?
>
> 1) security in FC0 is enforced through the SRs and the TLB.
It's nothing new compared to other machines.
>
> 2) there can be only one kind of load and store instructions
> because there are already a lot of variations around it.
>
I don't see any problem. It's just a flag that follows the store.
> 3) maybe a compromise would be to use the "stream" flags :
> computers that recognize it can setup a specific right or
> protection mechanism. Others (like embedded stuff with no
> security problems) could simply not care, and the SW portability
> would work at no cost.
>
You should set a right on the page to have an explicit protection!
> > nicO
> WHYGEE
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> *************************************************************
> To unsubscribe, send an e-mail to majordomo@seul.org with
> unsubscribe f-cpu in the body. http://f-cpu.seul.org/
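The userStore/sysStore proposal discussed in this thread, modelled as a toy memory with a per-page bit (an added example, not part of the messages and not F-CPU code). The names `PG_USER_STORE`, `user_store`, `sys_store`, the page size and all values are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_WORDS 16                      /* constructed toy page size */
#define NPAGES     2
enum { PG_WRITE = 1, PG_USER_STORE = 2 };  /* hypothetical per-page MMU bits */

static uint64_t mem[NPAGES * PAGE_WORDS];
static const unsigned page_flags[NPAGES] = {
    PG_WRITE | PG_USER_STORE,  /* page 0: arrays and pointers (userStore allowed) */
    PG_WRITE                   /* page 1: return-address stack (sysStore only) */
};

/* Returns 0 on success, -1 on a simulated protection fault. */
static int store(size_t addr, uint64_t val, int is_user)
{
    if (addr >= NPAGES * PAGE_WORDS) return -1;
    unsigned f = page_flags[addr / PAGE_WORDS];
    if (!(f & PG_WRITE)) return -1;
    if (is_user && !(f & PG_USER_STORE)) return -1;  /* the proposed extra check */
    mem[addr] = val;
    return 0;
}
int user_store(size_t a, uint64_t v) { return store(a, v, 1); }
int sys_store(size_t a, uint64_t v)  { return store(a, v, 0); }

/* Unbounded copy done with userStore; returns words written before a fault. */
size_t overflow_copy(size_t buf, const uint64_t *src, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (user_store(buf + i, src[i]) != 0) break;
    return i;
}

/* 8-word buffer at the end of page 0, return slot at the start of page 1. */
uint64_t demo(size_t *written)
{
    uint64_t input[12];                         /* constructed oversized input */
    for (size_t i = 0; i < 12; i++) input[i] = 0x4141414141414141ULL;
    sys_store(PAGE_WORDS, 0x1000);              /* constructed return address */
    *written = overflow_copy(PAGE_WORDS - 8, input, 12);
    return mem[PAGE_WORDS];
}

int main(void)
{
    size_t w;
    printf("return slot: 0x%llx\n", (unsigned long long)demo(&w));
    return 0;
}
```

In this model the overflow stops at the page boundary and the return slot is untouched; the protection holds only as long as every write driven by untrusted data is issued as a userStore.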