From: Wei Hu on 9 Apr 2008 13:55

Hello,

I know that newer Intel and AMD CPUs support readable and non-executable pages. But from my tests, if I use mprotect() to set a page's permission to be PROT_EXEC, that page is still readable. I'm wondering what architectures implement these flags independently? Is it possible to get executable and non-readable pages?

Thanks,
Wei

From: Eric P. on 9 Apr 2008 15:38

Wei Hu wrote:
>
> Hello,
>
> I know that newer Intel and AMD CPUs support readable and
> non-executable pages. But from my tests, if I use mprotect() to set a
> page's permission to be PROT_EXEC, that page is still readable. I'm
> wondering what architectures implement these flags independently? Is
> it possible to get executable and non-readable pages?

VAX did.

Eric

From: Gavin Scott on 9 Apr 2008 14:54

Wei Hu <wei.hoo(a)gmail.com> wrote:
> Is it possible to get executable and non-readable pages?

PA-RISC supports this I believe, though I'd be somewhat surprised if you could get the OS to let you ask the hardware to do it.

It looks like the same mechanism made it into IPF as well (the Itanium virtual addressing and protection mechanisms are clearly a derivative of PA-RISC 2.0).

G.

From: Eric P. on 9 Apr 2008 15:54

"Eric P." wrote:
>
> Wei Hu wrote:
> >
> > Hello,
> >
> > I know that newer Intel and AMD CPUs support readable and
> > non-executable pages. But from my tests, if I use mprotect() to set a
> > page's permission to be PROT_EXEC, that page is still readable. I'm
> > wondering what architectures implement these flags independently? Is
> > it possible to get executable and non-readable pages?
>
> VAX did.

I should have said that the VAX hardware supported this but I don't recall any software actually using the feature. The only potential use would be for code that user mode must be able to execute but no one can look at.

Eric

From: Wei Hu on 9 Apr 2008 18:06
Thank you all for your replies. That is exactly what I want to achieve. I want to keep a piece of data inside a process' memory from being readable by remote attackers using memory errors they discovered. Of course I can use mprotect() to make the data accessible by designated instructions. But the problem is that I do not want to pay a high overhead. If I'm able to read-protect executable pages, I can then patch that data into instructions that use them.

-Wei

On Apr 9, 3:54 pm, "Eric P." <eric_patti...(a)sympaticoREMOVE.ca> wrote:
> "Eric P." wrote:
>
> I should have said that the VAX hardware supported this but
> I don't recall any software actually using the feature.
> The only potential use would be for code that user mode
> must be able to execute but no one can look at.
>
> Eric