On Fri, 16 May 2003 16:46:57 -0000, xenophi1e <oliver.laveryat_private> said:

> That's interesting. I'm passingly familiar with the VMs used by AS/400,
> but I wasn't aware that out of bound accesses would immediately trap. I
> wonder how they do this...

> I was under the impression that VMs used in this way were really just a
> sort of defense in depth. They don't prevent an individual process from
> being compromised but prevent that compromise from expanding beyond the
> boundaries of the VM. Do they really trap overruns from one valid chunk
> of memory into an adjacent one?

It's a tagged architecture, with descriptors. When you reference memory, you
aren't referencing a memory address - you're using a reference to a descriptor
that contains length/type/etc info (so it knows if it's stack, heap, executable,
and so on).

It's hardly a new idea - the original Multics penetration analysis paper
(see http://csrc.nist.gov/publications/history/karg74.pdf) discusses on page 11
of the hardware on the Honeywell 645, which was a mid-1960's machine.

Unfortunately, we haven't learned much in the meantime:

http://www.acsac.org/2002/papers/classic-multics.pdf

(Incidentally, I consider *BOTH* of these papers required reading for anybody
who's subscribed to 'vuln-dev').
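The descriptor check described in the message above, as an added example that is not part of the original post: a toy C model in which every reference is a (descriptor, offset) pair checked against the descriptor's length and type, next to a flat-address write for contrast. The table layout, trap names and execute policy are assumptions for illustration, not AS/400 or Honeywell 645 internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of descriptor-checked references; layout and trap names are
   assumptions for illustration, not AS/400 or Honeywell 645 internals. */
enum seg_type { SEG_STACK, SEG_HEAP, SEG_EXEC };
enum result   { OK, TRAP_BOUNDS, TRAP_TYPE, TRAP_BAD_DESC };
struct descriptor { size_t base, length; enum seg_type type; };

static uint8_t memory[64];                    /* constructed backing store */
static const struct descriptor table[] = {
    {  0, 16, SEG_HEAP },                     /* 0: a 16-byte buffer */
    { 16, 16, SEG_HEAP },                     /* 1: the adjacent chunk */
    { 32, 32, SEG_EXEC },                     /* 2: code */
};
#define NDESC (sizeof table / sizeof table[0])

/* A reference is (descriptor, offset), never a raw address; the check runs
   before memory is touched. */
static enum result check(size_t d, size_t off, size_t len) {
    if (d >= NDESC) return TRAP_BAD_DESC;
    if (off > table[d].length || len > table[d].length - off) return TRAP_BOUNDS;
    return OK;
}
enum result desc_write(size_t d, size_t off, const void *src, size_t len) {
    enum result r = check(d, off, len);
    if (r == OK) memcpy(memory + table[d].base + off, src, len);
    return r;
}
/* Assumed policy: only SEG_EXEC descriptors may be a branch target. */
enum result desc_execute(size_t d, size_t off) {
    enum result r = check(d, off, 1);
    return (r == OK && table[d].type != SEG_EXEC) ? TRAP_TYPE : r;
}
/* Flat addressing for contrast: any address inside the store is writable. */
void flat_write(size_t addr, const void *src, size_t len) {
    if (addr <= sizeof memory && len <= sizeof memory - addr) memcpy(memory + addr, src, len);
}
uint8_t peek(size_t addr) { return addr < sizeof memory ? memory[addr] : 0; }

int main(void) {
    uint8_t buf[20];
    memset(buf, 0x41, sizeof buf);
    printf("descriptor 0, 20 bytes: result %d\n", desc_write(0, 0, buf, 20));
    printf("byte 16 after trap: %d\n", peek(16));
    flat_write(0, buf, 20);
    printf("byte 16 after flat write: %d\n", peek(16));
    return 0;
}
```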
This archive was generated by hypermail 2b30 : Sat May 17 2003 - 17:26:59 PDT