From: Mike Hore on 28 May 2010 22:05

Skybuck Flying wrote:
> Hello,
>
> I just had an idea how to protect the return address on the stack.
>
> The call instruction could make that region "write protected".
>
> The return instruction would then remove the "write protection".
>
> This would not prevent buffer overruns per se, but it would at least
> prevent the return address from being overwritten, thereby potentially
> avoiding attacks.
>
> The idea is so simple that even this patent says it's simple and obvious...
> I haven't bothered reading the whole thing:
>
> http://www.faqs.org/patents/app/20090063801

I didn't want to wade through the whole thing either, but I'm wondering, what happens when the called routine isn't a leaf, and calls another subroutine? What happens to THAT return address?

This idea would seem to need a granularity of one address for the protection mechanism. Certainly not a page, unless you waste a lot of space on the stack.

Cheers, Mike.

---------------------------------------------------------------
Mike Hore mike_horeREM(a)OVE.invalid.aapt.net.au
---------------------------------------------------------------
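The two questions raised above (what happens to the outer return address when the callee is not a leaf, and why the protection would need per-address granularity rather than page granularity) can be played through on a toy model. The following C program is an added example written for this page; it is not code from either poster or from the cited patent. It models a small downward-growing stack where every word carries a write-protect bit, a hypothetical "protecting call" that sets the bit on the unit holding the pushed return address, and a "protecting return" that clears it. The names (`toy_stack`, `ts_call`, `ts_ret`, `scenario_nested`), the 32-word stack, the sample return addresses and the choice of a 4-word unit as a stand-in for a page are all constructed assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for this example, not from the thread): a stack of
   STACK_WORDS words growing downward, each word with a write-protect bit.
   The hypothetical "protecting call" sets the bit on the unit holding the
   pushed return address; the "protecting return" clears it. granularity is
   how many words one protection unit spans: 1 models per-address
   protection, larger values model page-like protection. */
#define STACK_WORDS 32

typedef struct {
    uint32_t word[STACK_WORDS];
    bool     wp[STACK_WORDS];   /* write-protect bit per word */
    int      sp;                /* index of the top word; grows downward */
    int      granularity;       /* words per protection unit */
    int      faults;            /* stores refused because the word was protected */
} toy_stack;

static void ts_init(toy_stack *s, int granularity) {
    memset(s, 0, sizeof *s);
    s->sp = STACK_WORDS;
    s->granularity = granularity;
}

/* Set or clear protection on the whole unit that contains word idx. */
static void ts_set_protect(toy_stack *s, int idx, bool on) {
    int base = (idx / s->granularity) * s->granularity;
    for (int i = base; i < base + s->granularity && i < STACK_WORDS; i++)
        s->wp[i] = on;
}

/* Ordinary program store: honours the protect bit, returns true if it landed. */
static bool ts_write(toy_stack *s, int idx, uint32_t v) {
    if (idx < 0 || idx >= STACK_WORDS) return false;
    if (s->wp[idx]) { s->faults++; return false; }
    s->word[idx] = v;
    return true;
}

/* "Protecting call": push the return address (the CPU's own push is not
   subject to the check), then protect its unit. */
static void ts_call(toy_stack *s, uint32_t ret_addr) {
    s->sp--;
    s->word[s->sp] = ret_addr;
    ts_set_protect(s, s->sp, true);
}

static void ts_alloc_locals(toy_stack *s, int n) { s->sp -= n; }
static void ts_free_locals(toy_stack *s, int n)  { s->sp += n; }

/* "Protecting return": clear the unit's protection, pop the return address. */
static uint32_t ts_ret(toy_stack *s) {
    ts_set_protect(s, s->sp, false);
    return s->word[s->sp++];
}

typedef struct {
    int  local_writes_ok;           /* of the 4 legitimate local-variable stores */
    bool overrun_blocked;           /* overrun from inner's locals into its return slot refused */
    bool outer_ret_still_protected; /* outer's return slot still protected after inner returns */
} nested_result;

/* Scenario: main -> outer -> inner, each callee with two words of locals.
   Each routine stores to its locals, inner then overruns one word past its
   locals (into its own return slot), and both routines return in order. */
static nested_result scenario_nested(int granularity) {
    toy_stack s;
    nested_result r = {0, false, false};
    ts_init(&s, granularity);

    ts_call(&s, 0x1000);                 /* main calls outer */
    int outer_ret_slot = s.sp;
    ts_alloc_locals(&s, 2);
    r.local_writes_ok += ts_write(&s, s.sp, 0x11);      /* outer's locals */
    r.local_writes_ok += ts_write(&s, s.sp + 1, 0x22);

    ts_call(&s, 0x2000);                 /* outer calls inner */
    ts_alloc_locals(&s, 2);
    r.local_writes_ok += ts_write(&s, s.sp, 0x33);      /* inner's locals */
    r.local_writes_ok += ts_write(&s, s.sp + 1, 0x44);
    r.overrun_blocked = !ts_write(&s, s.sp + 2, 0xDEAD); /* one word past the locals */

    ts_free_locals(&s, 2);
    ts_ret(&s);                          /* inner returns */
    r.outer_ret_still_protected = s.wp[outer_ret_slot];
    ts_free_locals(&s, 2);
    ts_ret(&s);                          /* outer returns */
    return r;
}

int main(void) {
    int grains[] = {1, 4};
    for (int i = 0; i < 2; i++) {
        nested_result r = scenario_nested(grains[i]);
        printf("granularity %d word(s): local stores ok %d/4, overrun blocked %s, "
               "outer return slot still protected after inner returns %s\n",
               grains[i], r.local_writes_ok, r.overrun_blocked ? "yes" : "no",
               r.outer_ret_still_protected ? "yes" : "no");
    }
    return 0;
}
```

With one-word units all four local stores succeed, the overrun into the return slot is refused, and the outer frame's return address stays protected while inner runs and after it returns. With four-word units the outer routine's locals land in the same unit as its own return address and are refused, and inner's return clears the whole unit, leaving the outer return address unprotected for the rest of outer's execution. That is the granularity and non-leaf problem the reply points at, reduced to a few dozen lines.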