On Thu, 11 Mar 2004 05:04, Christopher Sawtell wrote:
> while they have the compute power many times that of the mainframe of yore,
> they do not have the security features which every big-iron machine had as
> a matter of course.
>
> Neither your ubiquitous *86* machines nor, to my knowledge, any other
> computer chipset found in the current crop of personal machines is able to
> produce a hardware segfault on array bound errors or, stack protection
> errors, i.e. underflow, overflow or execution of code on the stack.

I agree Chris, these limitations in commodity chipsets, in particular x86 
variants, combined with bugs in system software and applications lead to many 
security exploits that just weren't possible on many (I won't claim all) 
mainframes of old. As Rex pointed out it is possible to employ x86 protected 
mode to prevent certain exploits, but on its own this won't prevent stack 
buffer overruns.

> Until those problems are addressed by the chipset makers we will continue
> to have a continuum of crim-ware spewing over the 'Net.

An alternative to building required levels of protection into a CISC 
architecture would be to incorporate this into an existing Virtual Machine 
implementation. I wonder if the likes of Vmware have thought of doing 
this???? I don't think it would be too hard to build in stack buffer overrun 
protection in an x86 VM for example. 

















Reply via email to