Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Charles Lindsey
chl at clerew.man.ac.uk
Wed Aug 11 22:23:39 BST 2010
On Tue, 10 Aug 2010 20:44:55 +0100, David Biggins
<David_Biggins at usermgmt.com> wrote:
> DEP - the ability to mark various parts of memory (once more) as not
> being allowed to be executed.
>
> But I might even question whether or not it is safe to continue to use
> the same stack for code pointers and for data.
The real solution for buffer overflow attacks is to keep the executable
code in read-only partitions, and to forbid execution of code in data
partitions. AIUI, this is routine practice in Unix, subject to suitable
provisions in the hardware (as certainly provided in SPARC and ARM -
ASIUI). I believe it is also possible in i86*, but that Bill Gates has
painted himself into a corner that prevents taking advantage of it. BICBW.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
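
The following is an added example, not part of the original post: a small C audit that checks the property described above (code mappings not writable, data mappings not executable) against a Linux `/proc/<pid>/maps` listing. The function names and the sample listing are constructed for illustration, and the Linux maps format is an assumption the post itself does not mention.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from the post). */
static const char SAMPLE_MAPS[] =
    "00400000-0040c000 r-xp 00000000 08:01 131 /usr/bin/demo\n" /* code: r-x */
    "0060c000-0060d000 rw-p 0000c000 08:01 131 /usr/bin/demo\n" /* data: rw- */
    "01a2b000-01a4c000 rw-p 00000000 00:00 0 [heap]\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0 \n"        /* violation */
    "7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if the mapping is both writable and executable,
 * 0 if it is not, and -1 if the line cannot be parsed. */
int maps_line_is_wx(const char *line)
{
    unsigned long long start, end;
    char perms[5];
    if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Counts writable+executable mappings in a newline-separated listing and
 * copies the first offending line into 'first' (if a buffer is supplied). */
int count_wx(const char *maps, char *first, size_t first_len)
{
    int n = 0;
    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (len >= sizeof line)
            len = sizeof line - 1;       /* truncate over-long lines */
        memcpy(line, p, len);
        line[len] = '\0';
        if (maps_line_is_wx(line) == 1 && n++ == 0 && first && first_len)
            snprintf(first, first_len, "%s", line);
        p = nl ? nl + 1 : p + len;
    }
    return n;
}

int main(void)
{
    char first[256] = "";
    int n = count_wx(SAMPLE_MAPS, first, sizeof first);
    printf("%d writable+executable mapping(s); first: %s\n", n, first);
    return n != 0;
}
```
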
More information about the ukcrypto mailing list