stack smashing Was: Re: Scanning Formats (TIFF vs. JPEG)

Don THX1138 at dakotacom.net
Sun Aug 20 09:04:43 CDT 2006


Josh Dersch wrote:
> 
> I was not intending to suggest that Singularity would avoid any 

Sorry, I was responding to the Singularity *literature*
(though *through* you  :>)

> performance penalty -- I was originally responding to a poster who 
> claimed that abstracting pointers away, etc. in the name of security was 
> not possible -- I posited Singularity as an example of an OS that has 
> done this very thing.
> 
>> Because most machines nowadays are in the hands of people who
>> aren't savvy enough to understand these issues.  I.e. you can't
>> have physical security since there is nothing preventing a
>> user (*owner*) from circumventing this key step knowingly or
>> unknowingly.
>>
>> E.g., any sort of removable media that can be passed control
>> of the processor outside (i.e., before) the scope of your VM
>> leaves the system vulnerable.  Hence the reason many PCs
>> are configured without (or with *disabled*) floppy and/or CD-ROM
>> drives in business environments.
>>
>> Getting a robust system into a consumer's hands is considerably
>> harder than one sitting in a machine room  :> 
> Well, I agree that this is an attack vector.  But I believe it's picking 
> nits; the primary source of "infection" on your average user's PC are 
> either 1) exploiting the code in the OS (buffer overrun, etc.) or 2) 
> lame security in the OSes involved (running as root/admin as default, 

Yes, but the latter is effectively the case for PC users
nowadays.  Even if they chose not to run as "Administrator"
24/7, they still are TOLD to run as Administrator when installing
software.

> etc.)  It'd be quite a bit more difficult for malware/viruses/trojans to 
> get onto a user's PC and propagate themselves if it required physical 
> means to do so (i.e. an e-mail that says "Hey! Please burn this software 
> to a CD, put the CD in your drive and reboot from it! It'll be cool!... 

Yes, but not all "infections" are intentional.  I.e. installing
buggy code is still buggy code.  Even if the manufacturer
didn't intend it to be so.

> trust me.")  There's only so much you can do, in the end -- users will 
> always find ways to screw up their computers.  Doesn't mean it's not 
> worth researching new strategies for security elsewhere.

Of course!  As I said in a previous post, this is something
near and dear to me as I have to build products that are
potentially compromised by these avenues.  Each time you
raise the bar, "clever" (??) users find some other stupid
thing to do that compromises the measures you've taken to
maintain system integrity.  I pity those folks who design
"PC-based" products!  (it's just too easy for users to think
"Oh, this is a PC!  I can ________ "
