Re: vulndev-1 and a suggestion about the ensuing discussion

Valdis.Kletnieks_at_vt.edu
Date: 05/17/03

    To: xenophi1e <oliver.lavery@sympatico.ca>
    Date: Fri, 16 May 2003 19:22:49 -0400
    

    On Fri, 16 May 2003 16:46:57 -0000, xenophi1e <oliver.lavery@sympatico.ca> said:

    > That's interesting. I'm passingly familiar with the VMs used by AS/400,
    > but I wasn't aware that out of bound accesses would immediately trap. I
    > wonder how they do this...

    > I was under the impression that VMs used in this way were really just a
    > sort of defense in depth. They don't prevent an individual process from
    > being compromised but prevent that compromise from expanding beyond the
    > boundaries of the VM. Do they really trap overruns from one valid chunk
    > of memory into an adjacent one?

    It's a tagged architecture, with descriptors. When you reference memory,
    you aren't referencing a memory address - you're using a reference to a
    descriptor that contains length/type/etc info (so it knows if it's stack,
    heap, executable, and so on).

    It's hardly a new idea - the original Multics penetration analysis paper (see
    http://csrc.nist.gov/publications/history/karg74.pdf) discusses, on page 11,
    the hardware of the Honeywell 645, which was a mid-1960s machine.

    Unfortunately, we haven't learned much in the meantime:

    http://www.acsac.org/2002/papers/classic-multics.pdf

    (Incidentally, I consider *BOTH* of these papers required reading for
    anybody who's subscribed to 'vuln-dev').
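To make the descriptor idea above concrete, here is an added simulation in C (not code from the thread, the AS/400, or the Multics papers) of a memory system where a program never holds a raw address, only a reference to a descriptor carrying base, length and type. The descriptor table, the flat backing buffer and the segment layout are constructed for the example; the point it shows is the one asked about in the quoted message: a write that would overrun one valid chunk into the adjacent one is rejected by the bounds check before any address is formed, and the type tag additionally refuses instruction fetches from heap memory and writes into code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Tag recorded in each descriptor: what the region is for. */
enum seg_type { SEG_STACK, SEG_HEAP, SEG_CODE };

/* A descriptor carries base, length and type. Programs never hold a raw
 * address; they hold an index into this table (the "reference"). */
struct descriptor {
    uint8_t      *base;
    size_t        length;
    enum seg_type type;
};

/* Result of an access check; anything but ACC_OK would be a hardware trap. */
enum access_result { ACC_OK = 0, TRAP_BAD_REF, TRAP_BOUNDS, TRAP_TYPE };

/* Constructed backing store: two adjacent 16-byte heap chunks followed by a
 * 32-byte code region, all inside one flat buffer (hypothetical layout). */
#define NDESC 3
static uint8_t flat_memory[64];
static struct descriptor table[NDESC] = {
    { flat_memory +  0, 16, SEG_HEAP },   /* ref 0: heap chunk A */
    { flat_memory + 16, 16, SEG_HEAP },   /* ref 1: heap chunk B, directly after A */
    { flat_memory + 32, 32, SEG_CODE },   /* ref 2: executable region */
};

/* Every access names a descriptor plus an offset; the check happens before
 * the flat address is ever formed, so an overrun cannot spill into ref 1. */
static enum access_result check(unsigned ref, size_t off, size_t len,
                                int is_write, int is_exec)
{
    if (ref >= NDESC)
        return TRAP_BAD_REF;
    const struct descriptor *d = &table[ref];
    if (off > d->length || len > d->length - off)   /* overflow-safe bounds test */
        return TRAP_BOUNDS;
    if (is_exec && d->type != SEG_CODE)             /* no executing heap or stack */
        return TRAP_TYPE;
    if (is_write && d->type == SEG_CODE)            /* no writing into code */
        return TRAP_TYPE;
    return ACC_OK;
}

enum access_result desc_store(unsigned ref, size_t off, const void *src, size_t len)
{
    enum access_result r = check(ref, off, len, 1, 0);
    if (r == ACC_OK)
        memcpy(table[ref].base + off, src, len);
    return r;
}

enum access_result desc_load(unsigned ref, size_t off, void *dst, size_t len)
{
    enum access_result r = check(ref, off, len, 0, 0);
    if (r == ACC_OK)
        memcpy(dst, table[ref].base + off, len);
    return r;
}

enum access_result desc_fetch_insn(unsigned ref, size_t off, uint8_t *insn)
{
    enum access_result r = check(ref, off, 1, 0, 1);
    if (r == ACC_OK)
        *insn = table[ref].base[off];
    return r;
}

/* Scenario from the thread: a 20-byte write aimed at 16-byte chunk A.
 * Returns 1 if the write trapped and chunk B (and A) are untouched. */
int overrun_into_neighbor_traps(void)
{
    uint8_t fill[20];
    uint8_t b_first;
    memset(fill, 0x41, sizeof fill);
    memset(flat_memory, 0, sizeof flat_memory);
    enum access_result r = desc_store(0, 0, fill, sizeof fill);
    if (desc_load(1, 0, &b_first, 1) != ACC_OK)
        return 0;
    return r == TRAP_BOUNDS && b_first == 0 && flat_memory[0] == 0;
}

/* Type tags: executing a heap chunk and writing into code both trap,
 * while fetching an instruction from the code region is allowed. */
int type_tags_trap(void)
{
    uint8_t insn, byte = 0x90;
    return desc_fetch_insn(0, 0, &insn) == TRAP_TYPE
        && desc_store(2, 0, &byte, 1) == TRAP_TYPE
        && desc_fetch_insn(2, 0, &insn) == ACC_OK;
}

int main(void)
{
    printf("overrun trapped, neighbor intact: %d\n", overrun_into_neighbor_traps());
    printf("type tags enforced: %d\n", type_tags_trap());
    return 0;
}
```

The contrast with a flat address space is that `flat_memory` is contiguous, so in a conventional machine the 20-byte store would silently land in chunk B; here the only way to touch chunk B is through descriptor 1, and descriptor 0's length bounds every access made through it.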

    
    


