Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

[David Biggins]

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Charles Lindsey
> Sent: 11 August 2010 22:24
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Being safe on the internet (was Re: Here we go again -
ISP
> DPI,but is it interception?)
> 
> The real solution for buffer overflow attacks is to keep the
executable
> code in read-only partitions, and to forbid execution of code in data
> partitions. AIUI, this is routine practice in Unix, subject to
suitable
> provisions in the hardare (as certainly provided in SPARC and ARM -
> ASIUI). I believe it is also possible in i86*, but that Bill Gates has
> painted himself into a corner that prevents taking advantage of it.
> BICBW.
> 

Hi Charles,

As I understand it, you're spot on.

That was the bit I was talking about earlier, where MS' marketing
department allowed Motorola enthusiasts to take the high ground over the
Intel segmented memory model, and so went for the flat memory model with
Win95.  

But this defeated the protections, because they were driven by the
segment descriptors, and the flat model points all the segments at the
same descriptor.  That has to be a decision that MS have long regretted.

These features are now available further in the modern memory manager on
64bit CPUS without needing separate segment descriptors; as you say, I'm
not sure how thoroughly they are used yet, beyond DEP which is such a
mechanism that forbids execution in stack pages.

I'm not at all certain on this, but I believe that Intel-based unix
implementations have traditionally also been flat model.   I have heard
the suggestion that this would be in part because it would have meant
some serious messing with the gcc code generation to make it handle the
old segmentation.  Whether or not this is still true, is another
question.


D.