On Tue, 2002-11-05 at 21:16, Ulrich Weigand wrote:
> convinced this buys you anything w.r.t. security that can't be
> achieved much more easily, e.g. by StackGuard-type compilers.
> Certainly nobody has even attempted to do this w.r.t. segments
> on Intel for example -- at least as far as I know.)

There is Solar Designer's non exec stack stuff which uses a segment trick to fake non exec pages and also some experimental bits (ab)using segments for fast Linux on Linux virtualisation. On modern x86 segment limits are really expensive though - 1 or more clocks per access.

> In general, I can only re-iterate my belief that attempting to
> guarantee security *even in the presence of bugs* is ultimately
> futile.

Definitely. Security policy should start "when xyz breaks in.."
