
Re: Executable memory: further programs that fail



Ingo,

I've read your page and I understand the ascii-armor issue.

There is an assumption, which is not true in general, that 
"code" and "data" are separate objects. In the trivial case
the loader treats code as data. Lisp systems do this all the
time. 

It might be more reasonable to apply exec-shield on a per-program
or per-process basis. In particular, the normal exploits happen
through programs that access the net. Applying default security to
net-enabled programs (e.g. anything that accesses a socket) might
be more reasonable.

My particular objection isn't really to the non-executable stack.

I react to the notion that shared libraries can be placed 
"at random" in free space. Lisp systems, database systems,
numeric systems (e.g. large matrix computations), all rely on
large, contiguous blocks of storage. In fact the size of the
problem they can handle depends on the size of contiguous 
storage. I don't understand why fragmenting free storage
helps security. I certainly understand why it hurts certain
applications.

Tim Daly
axiom tenkan org
daly idsi net
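
The contiguous-storage concern in the message above can be measured from a process memory map. The following is an added example, not part of the original message: it computes the largest unmapped gap from text in `/proc/<pid>/maps` format. Both sample layouts are constructed for illustration and do not reproduce any particular kernel's placement; the 3 GiB user address-space limit and the name `largest_gap` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_TOP 0xC0000000ULL /* assumed 3 GiB user/kernel split (i386) */

/* Constructed sample: libraries mapped back to back in one region. */
static const char *PACKED =
    "08048000-08100000 r-xp 00000000 03:01 11 /usr/bin/app\n"
    "40000000-40015000 r-xp 00000000 03:01 12 /lib/ld.so\n"
    "40015000-40150000 r-xp 00000000 03:01 13 /lib/libc.so\n"
    "bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

/* Constructed sample: the same kind of objects spread across the space. */
static const char *SCATTERED =
    "00110000-00125000 r-xp 00000000 03:01 12 /lib/ld.so\n"
    "08048000-08100000 r-xp 00000000 03:01 11 /usr/bin/app\n"
    "30000000-3013b000 r-xp 00000000 03:01 13 /lib/libc.so\n"
    "70000000-70040000 r-xp 00000000 03:01 14 /lib/libm.so\n"
    "bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

/* Largest unmapped gap below `top`. Lines must be sorted by start address,
 * which is how the kernel emits /proc/<pid>/maps. */
uint64_t largest_gap(const char *maps, uint64_t top)
{
    uint64_t prev_end = 0, best = 0;
    const char *p = maps;

    while (p && *p) {
        unsigned long long start, end;
        /* Each line begins "start-end" in hex; skip lines that do not parse. */
        if (sscanf(p, "%llx-%llx", &start, &end) == 2 && end > start) {
            if (start > prev_end && start - prev_end > best)
                best = start - prev_end;
            if (end > prev_end)
                prev_end = end;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    if (top > prev_end && top - prev_end > best) /* gap above last mapping */
        best = top - prev_end;
    return best;
}

int main(void)
{
    printf("packed:    %llu MiB\n", (unsigned long long)(largest_gap(PACKED, USER_TOP) >> 20));
    printf("scattered: %llu MiB\n", (unsigned long long)(largest_gap(SCATTERED, USER_TOP) >> 20));
    return 0;
}
```

Feeding the function the contents of a real `/proc/<pid>/maps` file gives the same measurement for a live process.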



