[Info-vax] Malware in kernel mode
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Sep 26 11:12:44 EDT 2014
On 2014-09-26 14:25:00 +0000, Paul Sture said:
> a) /tmp was shared by multiple hosted accounts.
OS X and some other systems intentionally randomize the /tmp location,
while VMS does not.
> Alpha and Itanium got an honourable mention in the OmniUnpack paper...
<http://www.acsa-admin.org/2007/papers/151.pdf>
> (PDF page 5)
> "Many hardware architectures (e.g., Intel IA-64, Sun Sparc, Alpha)
> offer facilities to enforce the W ⊕ X policy through support for read,
> write, and execute per- missions at the page level. Unfortunately, the
> architecture targeted by the vast majority of malicious programs (Intel
> IA-32) lacks such facilities."
That reference apparently pre-dates the NX no-execute / XD
execute-disable support available in x86-64.
<http://en.wikipedia.org/wiki/NX_bit>
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list