Bugtraq mailing list archives

Re: http://www.smashguard.org


From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Sat, 7 Feb 2004 10:11:36 -0800

On Fri, Feb 06, 2004 at 03:29:30PM -0500, Hilmi Ozdoganoglu composed:

> Agreed, the software based approach does not take a significant
> performance hit, but the hardware approach is transparent to the user
> and does not require recompilation of the source code. Therefore, all
> programs can run securely on a machine whether or not they are "compiled
> securely" (e.g. legacy software).

Not all control flow follows stack logic.  So you can't claim
backwards compatibility on all programs.

What happens if you are compiling continuations, such as a
high-performance ML or Scheme environment?

A Scheme environment may often need to keep around call-stacks after
they are exited, because call-with-current-continuation can cause them
to be reentered again.

Similarly, you mention the problem with user-land threads, yet
specifically don't solve it (just handwave it a bit).

Likewise, what happens on table-blowout?  You are using fixed-sized
tables; what happens when they fill up?  (And they WILL fill up.
Resources in a CPU should be 0, 1, or infinite, at least from the
user's point of view.)

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu
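
The objections in the message above, replayed against a simplified model of a fixed-size hardware return-address table. This is an added example, not part of the original post and not SmashGuard's actual design; the table size, the event format and all names are assumptions, and the traces are constructed.

```c
#include <stdio.h>
#include <stdint.h>

#define TABLE_SLOTS 4                      /* assumed capacity, kept small for the demo */
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

enum verdict { V_OK, V_MISMATCH, V_UNDERFLOW, V_OVERFLOW };
enum op { EV_CALL, EV_RET };
struct event { enum op op; uint32_t ret_addr; };

/* Replay call/return events against the table and report the first
 * condition the model cannot treat as a normal LIFO return. */
enum verdict replay(const struct event *trace, size_t n)
{
    uint32_t table[TABLE_SLOTS];
    size_t top = 0;
    for (size_t i = 0; i < n; i++) {
        if (trace[i].op == EV_CALL) {
            if (top == TABLE_SLOTS) return V_OVERFLOW;   /* table blowout */
            table[top++] = trace[i].ret_addr;
        } else {
            if (top == 0) return V_UNDERFLOW;            /* return with no recorded call */
            if (table[--top] != trace[i].ret_addr) return V_MISMATCH;
        }
    }
    return V_OK;
}

/* Constructed traces; the addresses are arbitrary labels. */
/* Ordinary nested calls: strict stack discipline. */
const struct event lifo[] = {
    {EV_CALL, 0x100}, {EV_CALL, 0x200}, {EV_RET, 0x200}, {EV_RET, 0x100} };
/* Non-local exit: control returns straight to the outermost caller. */
const struct event nonlocal_exit[] = {
    {EV_CALL, 0x100}, {EV_CALL, 0x200}, {EV_CALL, 0x300}, {EV_RET, 0x100} };
/* Re-entered continuation: an exited frame is resumed and returns again. */
const struct event reentry[] = {
    {EV_CALL, 0x200}, {EV_RET, 0x200}, {EV_RET, 0x200} };
/* Legitimate recursion one level deeper than the table. */
const struct event deep[] = {
    {EV_CALL, 0x10}, {EV_CALL, 0x10}, {EV_CALL, 0x10}, {EV_CALL, 0x10}, {EV_CALL, 0x10} };

int main(void)
{
    printf("lifo=%d nonlocal_exit=%d reentry=%d deep=%d\n",
           replay(lifo, LEN(lifo)), replay(nonlocal_exit, LEN(nonlocal_exit)),
           replay(reentry, LEN(reentry)), replay(deep, LEN(deep)));
    return 0;
}
```

Only the first trace passes; the other three are benign control flow that the model cannot tell apart from a corrupted return address without extra handling.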

