Palladium

From: dullienat_private
Date: Wed Jul 10 2002 - 12:13:19 PDT

Next message: Deus, Attonbitus: "RE: Plain text password for Microsoft (icwip.dun)"

Previous message: KF: "Fw: Buffer overflow potential in centerICQ mail handling"
In reply to: Blue Boar: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: Jason Coombs: "Malicious COM Surrogates"
Next in thread: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: Jason Coombs: "Malicious COM Surrogates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey Blue Boar, all,

BB> One nice, real improvement that could be made to the x86 family is to have
BB> things like real read-only memory segments, real code and data seperation, 
BB> etc... which is what you need to prevent overflows in hardware.

We do have real read-only pages, and they're used all over your
system. With PaX you have read-only-not-execute-pages.
"Real Code and Data Seperation" -- What do you mean by this ?

Generally Palladium is a very stupid move -- they claim at the one end
that Palladium is necessary, coz the existing security measures break
under the assumption that the trusted computing base cna be violated
via a kernel level exploit. Then they propose Palladium as a solution.

They do not mention that Palladium fails given the same assumption.

Sometimes I really really dislike Microsoft.

Cheers,
dullienat_private

Next message: Deus, Attonbitus: "RE: Plain text password for Microsoft (icwip.dun)"
Previous message: KF: "Fw: Buffer overflow potential in centerICQ mail handling"
In reply to: Blue Boar: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: Jason Coombs: "Malicious COM Surrogates"
Next in thread: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: Jason Coombs: "Malicious COM Surrogates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 12:43:48 PDT