funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Texas Bank Dumps Antivirus for Whitelisting

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 18 Jul 2008 10:22:07 -0400
I think I have been making the same point for the last 10 messages. ;-)  HA
does little to secure interpreters except for protecting against buffer
overflow errors in an interpreter.

VNA architecture can of course protect against buffer overflow errors also.
The CPU needs to have the ability to prevent data pages (or segments) from
being executed.  And of course the OS needs to turn the feature on.

Richard

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Friday, July 18, 2008 10:15 AM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

On Thu, 17 Jul 2008 18:05:39 EDT, "Richard M. Smith" said:

So under HA, a Web browser can only show ASCII text files.  After all, 
HTML itself is a programming language with intermingled code (ie., 
HTML tags) and data ("text").


BZZT! Wrong, but thank you for playing. :)

The actual *hardware* may present a Harvard architecture, but if the program
that's running is an interpreter, *that* can (if it so chooses) present a
Von Neumann architecture to the interpreted program (because to *it*, both
the interpreted program and the interpreted program's data are *bot* just
data to the interpreter).

Hint:  Most modern microprocessors are essentially a Harvard architecture
under the hood - but they have no problems looking very Von Neumann-y to the
operating system... :)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: