[Info-vax] Malware in kernel mode
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Sep 26 18:16:58 EDT 2014
On 2014-09-26, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2014-09-26 19:53:40 +0000, Simon Clubley said:
>
>> Yes, I've heard of the NX bit. :-)
>>
>> However, can I ask if you have heard of Return-Oriented Programming ?
>
> "The no-execute memory management option on the stack is really just a
> joke promulgated by some marketeers."
><http://labs.hoffmanlabs.com/node/1014>
>
Yes, I see you are. :-)
In your second to last paragraph you seem to be arguing in favour of
microkernels and I think you know my opinions on this by now. :-)
It's a pity we still live mostly in the world of monolithic kernels.
One thing you don't discuss on that page are type safe programming
languages. While they don't protect against access granted due to
some types of logic errors they can be a major tool when trying to
protect against buffer overflows and errors caused by certain
types of programming mistakes.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list