From: Mike Hore on
Skybuck Flying wrote:
> Hello,
>
> I just had an idea how to protect the return address on the stack.
>
> The call instruction could make that region "write protected".
>
> The return instruction would then remove the "write protection".
>
> This would not prevent buffer overruns per se, but it would at least
> prevent the return address from being overwritten, thereby potentially
> avoiding attacks.
>
> The idea is so simple that even this patent says it's simple and obvious...
> I haven't bothered reading the whole thing:
>
> http://www.faqs.org/patents/app/20090063801

I didn't want to wade through the whole thing either, but I'm wondering,
what happens when the called routine isn't a leaf, and calls another
subroutine? What happens to THAT return address? This idea would seem
to need a granularity of one address for the protection mechanism.
Certainly not a page, unless you waste a lot of space on the stack.

Cheers, Mike.

---------------------------------------------------------------
Mike Hore mike_horeREM(a)OVE.invalid.aapt.net.au
---------------------------------------------------------------
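To make the granularity question in Mike's reply concrete, here is a toy model of the proposed mechanism. It is added here and is not code from either poster or from the patent: a downward-growing word stack whose CALL pushes the return address and write-protects it and whose RET unprotects and pops it, run once with per-word protection and once with protection at the granularity of a constructed 16-word "page". All names (`machine`, `call`, `ret`, `overrun_copy`, `PAGE_SLOTS`, the slot numbers and the 0x41414141 fill) are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a downward-growing word stack: CALL pushes the return address and
   write-protects it, RET unprotects and pops it. Every name here is this
   example's own; PAGE_SLOTS is a constructed page size of 16 words. */
#define STACK_SLOTS 64
#define PAGE_SLOTS  16
enum granularity { GRAN_WORD, GRAN_PAGE };

struct machine {
    uint32_t mem[STACK_SLOTS]; bool ro[STACK_SLOTS]; /* words, per-slot RO flag */
    int sp; enum granularity gran; int faults;       /* top index (grows down), mode, refused writes */
};

struct result {
    int blocked, nested_call_ok, local_write_ok;    /* refused writes; 1/0 flags */
    uint32_t ret_inner, ret_outer, caller_local;    /* popped addresses; caller's local */
};

static void init(struct machine *m, enum granularity g) {
    memset(m, 0, sizeof *m); m->gran = g;
    m->sp = STACK_SLOTS;            /* empty: sp is one past the top slot */
}

/* Store one word; refused and counted if the slot is write-protected. */
static bool store(struct machine *m, int slot, uint32_t v) {
    if (slot < 0 || slot >= STACK_SLOTS) return false;
    if (m->ro[slot]) { m->faults++; return false; }
    m->mem[slot] = v; return true;
}

/* Protect or unprotect one slot, or the whole page containing it. */
static void set_protect(struct machine *m, int slot, bool on) {
    if (m->gran == GRAN_WORD) { m->ro[slot] = on; return; }
    int base = (slot / PAGE_SLOTS) * PAGE_SLOTS;
    for (int i = base; i < base + PAGE_SLOTS; i++) m->ro[i] = on;
}

/* CALL: push the return address, then protect it; fails if the push lands on a slot that is already protected. */
static bool call(struct machine *m, uint32_t ret_addr) {
    m->sp--;
    if (!store(m, m->sp, ret_addr)) { m->sp++; return false; }
    set_protect(m, m->sp, true);
    return true;
}

static uint32_t ret(struct machine *m) {            /* RET: unprotect, then pop */
    set_protect(m, m->sp, false); return m->mem[m->sp++];
}

static int  alloc_locals(struct machine *m, int n) { m->sp -= n; return m->sp; }
static void free_locals (struct machine *m, int n) { m->sp += n; }

/* Unchecked copy of `count` words into a buffer at `buf_base`, writing upward
   toward the return address; returns how many writes were refused. */
static int overrun_copy(struct machine *m, int buf_base, int count) {
    int blocked = 0;
    for (int i = 0; i < count; i++) blocked += !store(m, buf_base + i, 0x41414141u);
    return blocked;
}

/* Scenario A, per-word protection: outer calls inner, inner overruns its 4-word
   buffer by 2 words. The write reaching inner's return slot is refused; the one
   reaching outer's local is not, because only return slots are protected. */
static struct result word_granularity_scenario(void) {
    struct result r = {0}; struct machine m; init(&m, GRAN_WORD);
    call(&m, 0x1000);                           /* outer return address, slot 63 */
    int outer_buf = alloc_locals(&m, 4);        /* slots 59..62 */
    r.nested_call_ok = call(&m, 0x2000);        /* inner return address, slot 58 */
    int inner_buf = alloc_locals(&m, 4);        /* slots 54..57 */
    r.local_write_ok = store(&m, inner_buf, 1); /* inner's own locals are writable */
    r.blocked = overrun_copy(&m, inner_buf, 6); /* 54..57 ok, 58 refused, 59 ok */
    r.caller_local = m.mem[outer_buf];          /* clobbered: 0x41414141 */
    free_locals(&m, 4); r.ret_inner = ret(&m);
    free_locals(&m, 4); r.ret_outer = ret(&m);
    return r;
}

/* Scenario B, page protection: locking outer's return address locks the rest of
   its page too, so inner cannot write its locals and its CALL push is refused. */
static struct result page_granularity_scenario(void) {
    struct result r = {0}; struct machine m; init(&m, GRAN_PAGE);
    call(&m, 0x1000);                           /* slot 63; locks slots 48..63 */
    int buf = alloc_locals(&m, 4);              /* slots 59..62, same page */
    r.local_write_ok = store(&m, buf, 1);       /* refused */
    r.nested_call_ok = call(&m, 0x2000);        /* push to slot 58 refused */
    r.blocked = m.faults;
    return r;
}

int main(void) {
    struct result a = word_granularity_scenario(), b = page_granularity_scenario();
    printf("word: blocked=%d inner=%#x outer=%#x caller_local=%#x\n", a.blocked, a.ret_inner, a.ret_outer, a.caller_local);
    printf("page: local_write_ok=%d nested_call_ok=%d blocked=%d\n", b.local_write_ok, b.nested_call_ok, b.blocked);
    return 0;
}
```

Scenario A shows the two halves of the original proposal: both return addresses survive the overrun and the inner RET still pops 0x2000, yet the caller's local below the protected slot is overwritten, which is the "does not prevent buffer overruns per se" part. Scenario B is the granularity objection: once the protection covers a whole page, the callee's locals and the nested CALL's push land on the same page as the caller's return address and are refused, so a per-address (or per-frame-separated) mechanism is the only one in this model under which a non-leaf routine can run at all.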