I am not sure that you would need DCSSes to protect one from arbitrarily
jumping into shared libraries (as may be used by exploits).  If one were to
design shared libraries such that each shared library has its own address
space then one could use cross memory to execute from that address space.
One could have a PC call for each shared library function, and as such
normal users would never be able to get to that code, other than by means of
the PC call, which executes a predetermined function.  This together with a
non-executable stack will make things harder for any viruses.
I think that hardware functionality, with OS support, is the best answer to
viruses, although it will probably never be 100% failsafe.

Jan Jaeger

From: Adam Thornton <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CPU Arch Security [was: Re: Probably the first published shell code]
Date: Tue, 5 Nov 2002 16:01:57 -0500

On Tue, Nov 05, 2002 at 08:03:35PM +0000, Alan Cox wrote:
> Flavour of the year appears to be maths sign/overflow mishandling.
> Buffer overflows are no longer a growth area as programmers learn that
> one.

Gee, only took 'em, what, 40 years?

> > For this to catch on in the mainstream, other CPU architectures
> > would need to add similar features as well.  But given the recent
> > burbling from microsoft and intel about palladium and how cpu arch
> > changes can enhance security, (which intel seems to be actually
> > working on) I do not think that it is too wild, too early or too
> > impractical to engage in this task.
>
> I don't really see how fiddling with libraries helps you, but enlighten
> me

Well, one thing I can see exploiting under VM would be an aggressive use
of DCSSes (or something like them--I don't know if you can put DCSSes in
other data spaces, and I don't think you can execute code from data
spaces, but you see where this is going), so you could share your shared
libraries between Linux images.  If each one were in its own read-only
address space, you'd get a vast reduction in overall memory footprint,
plus code couldn't exploit bugs in the standard libraries--even if you
have a buffer overflow (or whatever) vulnerability, a) the code is off
in its own private address space, so you can't go trash anything else,
and b) your virtual machine has that segment marked read-only anyway.

Good lord, I can't believe that I'm arguing for a segmented
architecture.

Adam
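Both messages above argue for the same two hardware-enforced properties: library code sealed in a read-only segment (Adam's read-only address space) and a stack that cannot be executed (Jan's non-executable stack). The following C program is an added example, not code from either poster or from the Linux/390 project; it models the idea on an ordinary Linux host with mmap/mprotect rather than DCSSes or PC calls. It maps an anonymous page standing in for a shared library, fills it with a constructed placeholder pattern, seals it read-only, and then verifies with a SIGSEGV/SIGBUS handler that (a) a store into the sealed library page is trapped, (b) a store into a writable data page still succeeds, and (c) a jump into that writable page (standing in for the stack) is trapped by the CPU's no-execute protection. The function name run_isolation_checks and the bitmask it returns are this example's own conventions.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;                 /* where to resume after a trapped access */
static volatile sig_atomic_t fault_seen;     /* set by the handler when hardware blocked us */

/* Signal handler: record the fault and unwind back to the probe that caused it. */
static void on_fault(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Install the handler for the two signals a protection violation can raise. */
static void install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;                /* handler may fire again after we longjmp out */
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

/* Try one byte store; returns 1 if the page protection blocked it, 0 if it went through. */
static int write_is_blocked(volatile unsigned char *p) {
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *p = 0x90;                           /* would succeed only on a writable page */
        return 0;
    }
    return 1;
}

/* Try to execute at address p; returns 1 if the CPU refused to fetch code from it. */
static int exec_is_blocked(void *p) {
    void (*fn)(void);
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        memcpy(&fn, &p, sizeof fn);          /* object pointer -> function pointer */
        fn();                                /* instruction fetch from a no-execute page faults */
        return 0;
    }
    return 1;
}

/* Runs the three probes and returns a bitmask:
 *   bit 0 (1): store into the sealed read-only "library" page was blocked
 *   bit 1 (2): store into the writable "data/stack" page was allowed (positive control)
 *   bit 2 (4): execution from the writable "data/stack" page was blocked
 * Returns -1 if the mappings could not be set up. */
int run_isolation_checks(void) {
    long page = sysconf(_SC_PAGESIZE);
    install_fault_handler();

    unsigned char *lib  = mmap(NULL, page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    unsigned char *data = mmap(NULL, page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (lib == MAP_FAILED || data == MAP_FAILED)
        return -1;

    memset(lib, 0xCC, page);                 /* constructed placeholder for library bytes */
    if (mprotect(lib, page, PROT_READ) != 0) /* seal the "shared library" read-only */
        return -1;

    int result = 0;
    if (write_is_blocked(lib))   result |= 1;
    if (!write_is_blocked(data)) result |= 2;
    if (exec_is_blocked(data))   result |= 4;

    munmap(lib, page);
    munmap(data, page);
    return result;
}

int main(void) {
    int r = run_isolation_checks();
    printf("library page write blocked : %s\n", (r & 1) ? "yes" : "no");
    printf("data page write allowed    : %s\n", (r & 2) ? "yes" : "no");
    printf("data page execute blocked  : %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

On a host with no-execute page support enabled, all three probes report the expected outcome; the second probe is there so that a handler tripping on every access cannot be mistaken for protection working.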
