Eddies in the Space-Time Continuum
Peter Harvey's blog
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.
Monday Jun 27, 2005
Buffer overflows and SPARC register windows
I found a report on "Code Injection in C and C++: A Survey of Vulnerabilities and Countermeasures" (July 2004). At 70+ pages, it's too early to say whether I'd recommend it as light reading, but as I'm anticipating a long train journey in the next few days I should be able to get through it.

What set this off was a lunchtime discussion on how buffer overflows can affect processors with register windows. If you don't know what I'm talking about, check the Wikipedia article on register windows. Fascinating ... if you're technically minded.

The thing with register windows is that the return address you want to overwrite may not be in memory at all: it is still sitting in a register. What you would have to overflow is a register set that has already been spilled to the stack. I was struggling to find a reference to this, and most people I've asked just give me a blank look. For some time now I've been wondering if I've been missing something obvious.

Thankfully, Google came to the rescue and found a paper all about this. It contains this quote:

As long as register windows are available, it is not possible for an overflow to overwrite the function's return address or frame pointer as they will still be contained in registers. However, when the oldest window is saved to the stack, they are again vulnerable to overwriting.

Apologies to the authors if I should not have quoted this article; I couldn't find any distribution or copyright notices.

The paper discusses the state of the 'art'. The quote above comes from its discussion of StackGhost, which attempts to validate return addresses when a register window is filled back from the stack.
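To make both halves of that quote concrete, here is a toy model of a register-window CPU as an added example; it is not code from the paper, from StackGhost or from this blog. It assumes a small machine with four eight-register windows, a flat array standing in for stack memory, and a simplified StackGhost-style check on fill (the saved return address is XORed with a secret cookie whose low two bits are set, and a decoded address that is not 4-byte aligned is flagged). The cookie value, the return addresses and the overwritten slot are all constructed for the demonstration. The first function shows that a frame's return address is absent from memory until its window is spilled; the other two show that, once spilled, an overwrite of the saved slot is caught by the fill-time check but goes unnoticed when the check is disabled.

```c
#include <stdint.h>
#include <string.h>

#define NWINDOWS    4   /* windows the register file holds (assumed size) */
#define NREGS       8   /* in-registers per window; %i7 is the return address */
#define REG_RA      7
#define STACK_WORDS 256

typedef struct {
    uint32_t win[NWINDOWS][NREGS]; /* register file; win[live-1] is current */
    int live;                      /* windows currently held in registers */
    uint32_t mem[STACK_WORDS];     /* simulated stack memory */
    int sp;                        /* next free word in mem */
    int spilled;                   /* windows saved to mem */
    uint32_t cookie;               /* per-process secret; 0 = no protection */
    int tamper_detected;
} cpu_t;

/* Save the oldest live window (win[0]) to the stack; the RA leaves the
 * register file XORed with the cookie.  Remaining windows shift down. */
static void spill_oldest(cpu_t *c) {
    for (int r = 0; r < NREGS; r++)
        c->mem[c->sp + r] = c->win[0][r];
    c->mem[c->sp + REG_RA] ^= c->cookie;
    c->sp += NREGS;
    c->spilled++;
    memmove(c->win[0], c->win[1], (NWINDOWS - 1) * sizeof c->win[0]);
    c->live--;
}

/* Restore the most recently spilled window into win[0] and validate its RA:
 * a genuine RA decodes with low bits 00 (4-byte aligned instructions), while
 * an aligned value an overflow wrote over the slot decodes to low bits 11. */
static void fill_newest(cpu_t *c) {
    c->sp -= NREGS;
    memmove(c->win[1], c->win[0], (NWINDOWS - 1) * sizeof c->win[0]);
    for (int r = 0; r < NREGS; r++)
        c->win[0][r] = c->mem[c->sp + r];
    c->win[0][REG_RA] ^= c->cookie;
    if (c->win[0][REG_RA] & 3)
        c->tamper_detected = 1;
    c->spilled--;
    c->live++;
}

/* Enter a frame whose return address is ra, spilling if no window is free. */
static void cpu_call(cpu_t *c, uint32_t ra) {
    if (c->live == NWINDOWS)
        spill_oldest(c);
    memset(c->win[c->live], 0, sizeof c->win[0]);
    c->win[c->live][REG_RA] = ra;
    c->live++;
}

/* Leave the current frame, refilling a spilled window if there is one. */
static uint32_t cpu_ret(cpu_t *c) {
    uint32_t ra = c->win[c->live - 1][REG_RA];
    c->live--;
    if (c->spilled > 0)
        fill_newest(c);
    return ra;
}

/* Unprotected CPU, call chain `depth` deep: is the first frame's RA anywhere
 * in stack memory?  Only once depth > NWINDOWS forces win[0] to be spilled. */
int first_ra_in_memory(int depth) {
    cpu_t c = {0};
    for (int i = 0; i < depth; i++)
        cpu_call(&c, 0x10000u + 4u * i);    /* constructed return addresses */
    for (int i = 0; i < c.sp; i++)
        if (c.mem[i] == 0x10000u) return 1;
    return 0;
}

/* Go NWINDOWS + 1 frames deep so one window is spilled, overwrite its saved
 * RA slot (the first save area on the stack) with an aligned bogus value, the
 * effect an overflowing local buffer would have, then unwind.  Returns the
 * address the outermost return would jump to. */
static uint32_t corrupt_spilled_ra_and_unwind(cpu_t *c) {
    uint32_t last = 0;
    for (int i = 0; i < NWINDOWS + 1; i++)
        cpu_call(c, 0x20000u + 4u * i);
    c->mem[REG_RA] = 0x30000u;              /* constructed bogus RA */
    for (int i = 0; i < NWINDOWS + 1; i++)
        last = cpu_ret(c);
    return last;
}

/* With a cookie the fill-time check flags the overwrite: returns 1. */
int overwrite_detected_with_cookie(void) {
    cpu_t c = {0};
    c.cookie = 0x5EC4E703u;                 /* constructed cookie, low bits 11 */
    corrupt_spilled_ra_and_unwind(&c);
    return c.tamper_detected;
}

/* Without a cookie nothing is flagged: returns the bogus address, 0x30000. */
uint32_t overwrite_result_without_cookie(void) {
    cpu_t c = {0};
    return corrupt_spilled_ra_and_unwind(&c);
}
```

The model deliberately spills one whole window at a time and keeps nothing else on the stack, so the only thing an overflow can reach is the save area; on a real SPARC the save area sits among ordinary locals, which is exactly why a deep enough call chain brings the return address within reach of an overflowing buffer. The alignment check is the cheapest part of the StackGhost idea: an attacker who does not know the cookie cannot choose what the slot decodes to, and any value that would itself be a valid code address decodes to a misaligned one.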

So it does appear that register windows do offer some protection, but I've never managed to demonstrate this with simple overflow code. If anybody has an example to back me up, I'd be very interested to try it.


Posted at 04:30PM Jun 27, 2005 by Peter Harvey in Solaris | Comments[4]