Windows support of CPU's "no execute" (or NX) feature

From: Errol Holt (errolholt_at_YAHOO.COM)
Date: 11/18/03

  • Next message: John G. Chang: "MS03 -048 causing problems for our 2003 DCs" 
    Date:         Mon, 17 Nov 2003 23:15:02 -0800
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Windows XP Service Pack 2: A Developer's View:
    http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp

    See section labeled [Memory protection]

    Memory protection:

    Some attacks by malicious software leverage software
    vulnerabilities that allow too much data to be copied into areas
    of the computer's memory. These vulnerabilities are typically
    referred to as buffer overruns. Although no single technique can
    completely eliminate this type of vulnerability, Microsoft is
    employing a number of security technologies to mitigate these
    attacks from different angles. First, core Windows components
    are being recompiled with the most recent version of our
    compiler technology to help mitigate against buffer overruns.

    Additionally, Microsoft is working with microprocessor companies
    to help Windows support hardware-enforced "no execute" (or NX)
    on microprocessors that contain the feature. NX uses the CPU
    itself to enforce the separation of application code and data,
    preventing an application or Windows component from executing
    program code that an attacking worm or virus inserted into a
    portion of memory marked for data only.

    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    >Such a hardware feature has been introduced recently
    >by Intel, namely in the 80286 microprocessor.
    >
    >All Windows versions I am aware of already contain
    >provisions to *circumvent* this feature!
    >
    >(Yes I know the original concept of the IA-32
    >Protected Mode - segmentation - is incompatible
    >with NT architecture, and that this is not the most
    >regrettable point where the NT design team chose
    >not to use an Intel feature - ignoring rings 1 and 2 is).
    >
    >Apart from this suave mockery I can only applaud
    >this announcement and I sincerely hope they found
    >a way to implement this idea with current CPU's.
    >
    >have fun
    >
    >Robert Heinig

    The 286? Well, no wonder...

    Microsoft can't be expected to adhere to every
    passing CPU fad that toddles down the road.

    Just give them a chance, they'll get to it!

    Errol

    __________________________________
    Do you Yahoo!?
    Protect your identity with Yahoo! Mail AddressGuard
    http://antispam.yahoo.com/whatsnewfree

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: John G. Chang: "MS03 -048 causing problems for our 2003 DCs"