Bugtraq mailing list archives
Re: machine independent protection from stack-smashing attack
From: Greg Hoglund <hoglund () IEWAY COM>
Date: Mon, 11 Sep 2000 14:27:22 -0700
Cheers, --> snip --> 15 years of software reverse engineering experience allow me to easily distinguish between a mistake in the code and a backdoor inserted on purpose. <--- <--- Clearly you do not understand the issue. Since this is a very complex topic, it deserves to be explained properly. First and foremost, there is no 'backdoor' - the reason that you cannot make a stack non-executable under 'wintel' has 100% to do with Intel, not Microsoft. Secondly, the reason Microsoft has the ability to virtual protect READ_ONLY as well as EXECUTE_READ is because, naturally, Windows is an operating system that has been ported to many hardware architectures - some of which DO support an execute bit. As I understand it, this is how the memory model works for x86 Protected Mode: First of all, there ___IS NO EXECUTE FLAG___ under the protected mode mechanism for the x86 series of processors. There is a single bit flag in the page-table called R/W - and, specifically, it determines whether you can write to the page. You can ALWAYS read from the page, and therefore, execute from the page. End of story. For added clarity, remember that there is also a user/supervisory bit - and that is how operating systems such as NT protect 'kernel mode' pages from being altered by 'user mode' programs. Just wanted to point out that there is NO backdoor, NO hidden agenda - this is just HOW the hardware works and has 0% to do with Windows or Microsoft. -Greg Hoglund http://www.clicktosecure.com
Current thread:
- Re: machine independent protection from stack-smashing attack Yarrow Charnot (Sep 12)
- Re: machine independent protection from stack-smashing attack Jan Echternach (Sep 12)
- Re: machine independent protection from stack-smashing attack Michael Nelson (Sep 12)
- <Possible follow-ups>
- Re: machine independent protection from stack-smashing attack Greg Hoglund (Sep 12)