1 Mar
2013
1 Mar
'13
11:40 a.m.
On 01/03/2013 00:25, David Riley wrote:
On Feb 28, 2013, at 4:17 PM, Dave Wade wrote:
But buffer
over runs need to code specific. I meant current buffer run
attacks won't work as they generally target I86...
I haven't heard of any. It's a modern
linux and most tasks run as non-root.
In addition on its a non-standard chip set so standard buffer over runs
don't work.
Er, what? Buffer overruns are the same regardless of what
chipset
you run, at least as long as your stack grows downwards (most stacks,
including ARMs' stacks, do). Stack headspace randomization, which
is generally a software thing, can cause the code intended to be
executed by a buffer overrun fail (since there's no static offset to
branch to), but it's not a feature of the hardware on most machines. Side note: are there any architectures which provide
hardware stack
randomization? Seems like an unlikely feature to implement, but it
would make sense since it tends to hurt performance to a measurable
degree.
- Dave
--
Dave Wade G4UGM
Illegitimi Non Carborundum