Re: IP Level Encryption (kind of long)

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 12/17/03

    Date: Wed, 17 Dec 2003 10:43:33 +0000 (UTC)
    
    

    Robert Wessel wrote:
    >"Skybuck Flying" <nospam@hotmail.com> wrote:
    >> Of course a hacker could still try to overwrite other data which contains
    >> pointers to executable code like Henrick mentioned.
    >
    >Trying to secure all of this in hardware inevitably leads to the
    >re-re-re-re-re-re-reinvention of capabilities. And even then, only
    >the more extreme versions of capabilities can deal fully with the
    >pointer-to-function problem.

    I don't see why this requires capabilities. It seems to me that
    bounds-checking ought to be sufficient to deal with the kinds of
    failures that "Skybuck Flying" mentions. What am I missing?

    >Of course direct injection into memory is hardly the only way to
    >inject code into a system. For example, just rename an executable
    >image *.html, and point a link at it. It'll get downloaded and
    >probably stored in the browser's cache in a disk file. Now get
    >something to execute that file. Perhaps we could buffer overflow into
    >a string that is to be passed to system() - not a code pointer in
    >sight! OK, we can fix that by marking the cache directory as not
    >allowing code execution (a feature of most OS's). But now what about
    >scripts? As you said, "Ieewww... difficult problem !"

    That's one way to fix it. I believe another workable way to fix
    it would be to prevent the buffer overflow in the first place
    (e.g., using bounds checking).
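
The case discussed above, an overflow into a string that is later passed to system() with no code pointer involved, as an added example that is not part of the original post. The struct layout, the names and the sample input are constructed for illustration, and nothing is actually executed; the code only checks whether the command string survives.

```c
#include <stdio.h>
#include <string.h>
#define NAME_SZ 16
#define CMD_SZ  32
#define SAFE_CMD "/usr/bin/logger ok"   /* constructed placeholder command */
/* Constructed record: an input buffer sits directly before a command string. */
struct request {
    char name[NAME_SZ];  /* filled from untrusted input */
    char cmd[CMD_SZ];    /* a hypothetical caller would pass this to system() */
};

static void request_init(struct request *r) {
    memset(r, 0, sizeof *r);
    strcpy(r->cmd, SAFE_CMD);
}

/* Models an unchecked strcpy(r->name, src). The write goes through the struct's
 * bytes and is capped at sizeof *r, so the demo itself stays well defined. */
static void set_name_unchecked(struct request *r, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof *r) n = sizeof *r;
    memcpy((unsigned char *)r, src, n);
    ((char *)r)[sizeof *r - 1] = '\0';
}

/* Bounds-checked version: reject input that does not fit in name. */
static int set_name_checked(struct request *r, const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_SZ) return -1;
    memcpy(r->name, src, n + 1);
    return 0;
}

/* Returns 1 if cmd still holds the value the program intended. */
static int cmd_intact(const struct request *r) {
    return strcmp(r->cmd, SAFE_CMD) == 0;
}

int main(void) {
    const char *input = "AAAAAAAAAAAAAAAAecho overwritten"; /* constructed */
    struct request r;
    request_init(&r);
    set_name_unchecked(&r, input);
    printf("unchecked: intact=%d cmd=\"%s\"\n", cmd_intact(&r), r.cmd);
    request_init(&r);
    int rc = set_name_checked(&r, input);
    printf("checked: rc=%d intact=%d\n", rc, cmd_intact(&r));
    return 0;
}
```

The unchecked copy never touches a return address or function pointer, yet the command string changes; the length check stops the write before it leaves `name`.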

