R. Clayton (rclayton@monmouth.edu)
(no date)
Hi. AMD has introduced "NX technology" with the new Opteron and Athlon
64 processors. NX spits in the face of von Neumann by essentially
saying data and instructions are _not really_ the same as NX allows the
machine to mark certain sections of memory as non-executable (namely,
the instructions).
This has traditionally been done in the virtual memory system by allowing pages
without execution privilege.
This is supposedly great for security as the OS can load a program in memory,
mark it as NX (presumably a kernel-mode operation), allocate memory for
"data", and start executing. It sounds like this will quash buffer-overflow
exploits (e.g. somehow overwriting instructions in memory, then executing
those instructions).
It may make it harder, but it doesn't necessarily make it impossible. I can
still smash the stack and substitute my own return address. The difficult part
will now be that I can't include my own code as part of the process's data
space; I have to some how finagle it into the execute-only parts of the
process.
How do you feel about software problems (inept programmers or ok lets blame
the compilers that do not do bounds checking) being fixed by hardware?
Usually it's the software that patches up hardware problems (Pentium f00f
bug). Should NX have been implemented years ago? Why or why not? Explain.
The usual response is that it's faster to do it in hardware and more flexible
to do it in software. Fine-grain, high-frequency checking, like stack-smash
protection, is best done in hardware. Array-bounds checking is relatively fine
grained, and so would benefit from hardware checking, but the (advanced) state
of the practice in compilation is able to prove at compile time that some array
accesses are within bounds, eliminating the need for few-some-many run-time
checks (whether this obviates the need for hardware array-bounds checks is
context-dependent, principally on the language). As we'll see when we talk
about storage management, segmented-storage architectures, as in the x86,
provide array-bounds checking "for free" when run in segmented-storage mode.
Although I can't dredge up specific examples right now, I'd be willing bet a
nickle that explicit-execute permissions have been implemented before in
hardware. The main argument against is the cost in bits (storage or register
or both) required to implement it.
This archive was generated by hypermail 2.0b3 on Fri Dec 03 2004 - 12:00:06 EST