Anne & Lynn Wheeler
Sun, 12 Oct 2003 14:05:18 -0700
Not too good. If I knew what the target processor were, I think I could arrange to do some damage to most general-purpose operating systems; they all have to do some of the same fundamental things.
This is a bit more sophisticated than what Thompson's compiler did, but it's the same basic idea. There are some basic operations (in particular on the MMU) that you can recognize regardless of their specific form and subvert in a programmatic manner such that it's highly likely that you can exploit the resulting weakness at a later date, I think.
1) that it is more straightforward to check assembler generated code since there is nearly a one to one correspondence between the assembler statement and the generated machine code
2) default assembly program generated listings show assembler statement and the corresponding generated machine instruction
5) there were things like the SLAC assembler enhancements (just down/up the road)
6) people available (like people that did SLAC mods) that had dealt with the source of the assembler
7) some organizations that extensively used such systems that did study some of these issues in more detail
8) people dealing with development and debugging assembler-based systems normally are operating between the assembler listings (showing one-to-one between assembler statement and generated machine instruction) and what appears in memory.
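
The check implied by points 2 and 8, as an added example that is not part of the original message: each listing line's object code is compared with the bytes actually found in memory, and bytes no statement accounts for are reported. The listing layout, the sample instructions and the memory image are constructed for illustration and do not reproduce any particular assembler's listing format.

```python
import re

# Constructed sample listing: location, object code, statement number, source.
LISTING = """\
000000 05C0      1 BALR 12,0
000002 5830C00A  2 L    3,10(0,12)
000006 1A33      3 AR   3,3
000008 07FE      4 BR   14
"""

# Hypothetical column layout: hex location, hex object code, statement no., source.
LINE = re.compile(r"^([0-9A-F]{6})\s+((?:[0-9A-F]{2})+)\s+(\d+)\s+(.*)$")

def parse_listing(text):
    """Return [(loc, object_bytes, stmt_no, source)] for each code-generating line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # headings, comments, blank lines generate no code
        loc, obj, stmt, src = m.groups()
        rows.append((int(loc, 16), bytes.fromhex(obj), int(stmt), src.strip()))
    return rows

def audit(listing_text, image, base=0):
    """Compare every statement's object code with the bytes in the image.

    Returns (mismatches, uncovered): statements whose bytes differ from the
    listing, and image offsets that no listed statement accounts for.
    """
    covered, mismatches = set(), []
    for loc, obj, stmt, src in parse_listing(listing_text):
        start = loc - base
        found = image[start:start + len(obj)]
        covered.update(range(start, start + len(obj)))
        if found != obj:
            mismatches.append((stmt, src, obj.hex(), found.hex()))
    uncovered = [i for i in range(len(image)) if i not in covered]
    return mismatches, uncovered

if __name__ == "__main__":
    # Constructed image: statement 3 altered, two unlisted bytes appended.
    image = bytes.fromhex("05C05830C00A1B3307FE0700")
    bad, extra = audit(LISTING, image)
    for stmt, src, want, got in bad:
        print(f"stmt {stmt} ({src}): listing {want}, memory {got}")
    print("image offsets not in listing:", extra)
```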