stack smashing Was: Re: Scanning Formats (TIFF vs. JPEG)
derschjo at msu.edu
Sun Aug 20 02:54:42 CDT 2006
> But the intent was to avoid the "performance penalties"
> of using hardware mechanisms. So, (in existing hardware)
> you trade the use of those facilities for the overhead of
> an interpreter (regardless of what you want to call it)
Again, it's not an interpreter, and I'm not just making up a fancy name
for one. Jitting compiles the code at runtime, and in many cases can
optimize the code better than a standard compiler can. In the case of
Singularity, performance is not a primary goal -- it's a research
project. But Java and .NET have pretty decent performance when compared
to "native" C/C++ code. But I don't really want to start a flamewar
about this... it's one of those endlessly debatable topics :).
I was not intending to suggest that Singularity would avoid any
performance penalty -- I was originally responding to a poster who
claimed that abstracting pointers away, etc. in the name of security was
not possible -- I posited Singularity as an example of an OS that has
done this very thing.
> Because most machines nowadays are in the hands of people who
> aren't savvy enough to understand these issues. I.e. you can't
> have physical security since there is nothing preventing a
> user (*owner*) from circumventing this key step knowingly or
> E.g., any sort of removable media that can be passed control
> of the processor outside (i.e., before) the scope of your VM
> leaves the system vulnerable. Hence the reason many PC's
> are configured without (or with *disabled*) floppy and/or CD-ROM
> drives in business environments.
> Getting a robust system into a consumer's hands is considerably
> harder than one sitting in a machine room :>
Well, I agree that this is an attack vector. But I believe it's picking
nits; the primary source of "infection" on your average user's PC is
either 1) exploiting the code in the OS (buffer overrun, etc.) or 2)
lame security in the OSes involved (running as root/admin by default,
etc.). It'd be quite a bit more difficult for malware/viruses/trojans to
get onto a user's PC and propagate themselves if it required physical
means to do so (i.e. an e-mail that says "Hey! Please burn this software
to a CD, put the CD in your drive and reboot from it! It'll be cool!...
trust me.") There's only so much you can do, in the end -- users will
always find ways to screw up their computers. Doesn't mean it's not
worth researching new strategies for security elsewhere.