From: Ingo Molnar <mingo@elte.hu>
To: pageexec@freemail.hu
Cc: linux-kernel@vger.kernel.org,
Arjan van de Ven <arjanv@redhat.com>,
"Theodore Ts'o" <tytso@mit.edu>
Subject: Re: the "Turing Attack" (was: Sabotaged PaXtest)
Date: Tue, 8 Feb 2005 23:08:51 +0100 [thread overview]
Message-ID: <20050208220851.GA23687@elte.hu> (raw)
In-Reply-To: <20050208164815.GA9903@elte.hu>
* Ingo Molnar <mingo@elte.hu> wrote:
> http://pax.grsecurity.net/docs/pax-future.txt
>
> To understand the future direction of PaX, let's summarize what we
> achieve currently. The goal is to prevent/detect exploiting of
> software bugs that allow arbitrary read/write access to the attacked
> process. Exploiting such bugs gives the attacker three different
> levels of access into the life of the attacked process:
>
> (1) introduce/execute arbitrary code
> (2) execute existing code out of original program order
> (3) execute existing code in original program order with arbitrary
> data
>
> Non-executable pages (NOEXEC) and mmap/mprotect restrictions
> (MPROTECT) prevent (1) with one exception: if the attacker is able to
> create/write to a file on the target system then mmap() it into the
> attacked process then he will have effectively introduced and
> executed arbitrary code.
> [...]
>
> the blanket statement in this last paragraph is simply wrong, as it
> omits to mention a number of other ways in which "code" can be
> injected.
i'd like to correct this sentence of mine because it's unfair: your
categories are consistent if you define 'code' as 'machine code', and
it's clear from your documents that you mean 'machine code' under code.
(My other criticism remains.)
Ingo
next prev parent reply other threads:[~2005-02-08 22:16 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-02 16:51 Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer) Ingo Molnar
2005-02-02 22:08 ` pageexec
2005-02-03 9:44 ` Ingo Molnar
2005-02-03 14:20 ` pageexec
2005-02-03 20:20 ` Ingo Molnar
2005-02-07 14:23 ` pageexec
2005-02-07 21:08 ` Ingo Molnar
2005-02-08 12:27 ` pageexec
2005-02-08 21:23 ` Ingo Molnar
2005-02-07 22:36 ` Ingo Molnar
2005-02-08 12:27 ` pageexec
2005-02-08 13:41 ` Ingo Molnar
2005-02-08 14:25 ` Julien TINNES
2005-02-08 16:56 ` Ingo Molnar
2005-02-08 16:48 ` the "Turing Attack" (was: Sabotaged PaXtest) Ingo Molnar
2005-02-08 22:08 ` Ingo Molnar [this message]
2005-02-10 13:43 ` Ingo Molnar
2005-02-10 13:58 ` Jakob Oestergaard
2005-02-10 15:21 ` Ingo Molnar
2005-02-10 20:03 ` David Weinehall
2005-02-11 8:51 ` Mika Bostrom
2005-02-08 22:41 ` H. Peter Anvin
2005-02-03 13:55 ` Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer) Peter Busser
2005-02-03 14:39 ` Roman Zippel
2005-02-07 12:23 ` pageexec
2005-02-07 18:31 ` John Richard Moser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050208220851.GA23687@elte.hu \
--to=mingo@elte.hu \
--cc=arjanv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.