[Info-vax] An old VMS vulnerability, was: Re: Calling standards, was: Re: Byte range locking - was Re: Oracle
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Nov 29 13:49:59 EST 2016
On 2016-11-29, Johnny Billquist <bqt at softjar.se> wrote:
> On 2016-11-29 15:43, Stephen Hoffman wrote:
>> On 2016-11-29 13:12:20 +0000, Simon Clubley said:
>>
>>> Also, I really hope that VSI are making liberal use of the no-execute
>>> capability in x86-64 for what should be data-only memory pages.
>>
>> No-execute is only part of the puzzle.
>> https://en.wikipedia.org/wiki/Return-oriented_programming ASLR and
>> other details are also involved.
>
> Agreed. No-execute on data is not a silver bullet. As always, when
> people start talking like it is, I get nervous. Any kind of data
> corruption is bad, and has exploit potential. Believing that no
> execute, by itself, solves all problems, is just delusion. It might help
> stop some exploits, but that data corruption even happened means that
> there is some other problem, and that is still there, and can possibly
> be used in more ways.
>
Well, you can stop getting nervous in my case. :-)

I don't believe in silver bullets but I do believe in putting barriers
in an attacker's way and no-execute on data is a good barrier. However,
like all barriers, it should never be the _only_ barrier and I have
never implied that there should only ever be one type of barrier.

Simon.

--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world