Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http://www.smashguard.org

From: Crispin Cowan <crispin () immunix com>
Date: Sat, 07 Feb 2004 15:44:46 -0800
Hilmi Ozdoganoglu wrote:


       Agreed, the software based approach does not take a significant
performance hit, but the hardware approach is transparent to the user
and does not require recompilation of the source code. Therefore, all
programs can run securely on a machine whether or not they are "compiled
securely" (e.g. legacy software).
Utter nonsense. Legacy software has to be recompiled to use the new CPU instruction set. A new CPU architecture is vastly *more* intrusive than a new compiler. 


The idea is not to create "custom CPUs" but to have our modification
picked up by major vendors.  Clearly there is interest in applying
hardware to solve security issues based on the latest press releases
from AMD that AMD chips include buffer-overflow protection (see
Computer World, January 15, 2004).
As Theo said, the AMD buffer overflow "protection" is nothing more than sensible separation of R and X bits per page, fixing a glaring and anomalous defect in the original 386 MMU. Many CPUs before and since had this feature, and it was just Intel slop in the early 1980s that developed an MMU (and associated instruction set) that mistakenly treated R and X per page as one bit. 

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
Previous By Date Next
Previous By Thread Next

Current thread: