funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 17 Jul 2008 18:39:31 -0400
Code bytes only get security measures supported by the hardware. Data bytes can be subjected to additional security checks. For example, a JVM can implement a security model of its choosing for P-code. (From the viewpoint of the real CPU, P-Code is not instructions but just data bytes that gets processed like any other data.) Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly Sent: Thursday, July 17, 2008 6:21 PM To: Larry Seltzer Cc: funsec () linuxbox org; rMslade () shaw ca Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting On Thu, 17 Jul 2008, Larry Seltzer wrote:
Harvard architecture, unlike von Neumann architecture, had a strictseparation of progrma and data store and representation. It would have been impossible for a program to modify its own or other executable material. Data was not executable, so SQL injection and XSS would have been impossible. (So would a lot of other things, but ...) I'm not a real computer scientist, I just play one online, but this isn't how I thought it worked. SQL isn't actually executable code, it's just data that program code uses in order to decide what to execute. A program in a Harvard architecture is capable of going "if x==1 then do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it? Things like buffer overflows would be impossible with a Harvard architecture, but I don't see why SQL injection or Trojan horse programs or many other malicious items would be any less likely.
What's the difference between bytes that are executable, and bytes that are used by the computer to decide what to do? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Valdis . Kletnieks (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)