No announcement yet.

Secure programming with page protections

  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure programming with page protections

    With the Intel Prescott and Nocona out, sporting (or soon to sport) EM64T with hardware page protections, all popular CPUs will now support page protections on memory (The Opteron/Athlon64 already have them, and if you're a RISC fan, chances are your CPU architecture has had page protections for a decade). Page protections allow granular control of memory access even by application programmers. Unfortunately, many programs and libraries are improperly coded, and make brash assumptions such as that memory returned by malloc() is inherently executable without first using mprotect() to make it so.

    Yet most of the "secure programming" books I've seen don't even bother touching on page protections, even though Windows and the majority of *IX operating systems (through memprotect)provide extremely powerful interfaces for controlling memory access at a per-page level. This can be partially attributed to the fact that these interfaces were largely useless without patches like PaX which attempt to regulate access at the software level, and by the fact that the behavior of the interfaces is largely undefined.

    So, anyone have any good resources on using page protections effectively in your programs? I'd certainly like to read them...
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]