[PLUG] First JPEG virus is out there

Daggett, Steve Steve.Daggett at fiserv.com
Wed Sep 29 12:41:02 PDT 2004


> > Randal wrote:
> > > And virtually impossible in OpenBSD now, thanks to W^X, 
> > > randomized 
> > > stack pointers, sentry elements on the stack, and 
> > > randomized order 
> > > of dynloading.
> > > 
> > > Yeay, OpenBSD.  Helping me sleep at night once again. 
>
> Steve Daggett wrote:
> >   There are also assorted non-executable stack patches for 
> > Linux and 
> > GCC that do the same kind of thing.  Including, Crispin's 
> > Immunix StackGuard.
> > 
> >   Newer Intel and AMD CPUs include a technology called Data 
> > Execution 
> > Prevention (DEP).  The DEP allows specific memory pages to 
> > be marked 
> > non-executable.  There is apparently work being done in the Linux 
> > kernel to support DEP.  M$ XP is also moving to DEP based 
> > stack protection.

Galen wrote:
> Which begs the question, "What took them so long?"  PowerPC 
> parts have always had an execute bit in their MMU.

  Marketing?  I remember back in the 90's when a Micro$oft Marketing VP
started fluffing the market about "rich content" and M$-Office providing "a
rich user experience".  It was back in the early days of COM and the MMX
extensions.

  I distinctly remember looking at the flawed COM design and thinking "this
is going to hurt".  All that "rich content" added thousands of lines of code
and who knows how many buffer-overflows and other security holes.  One wag
in the office commented that "those who do not learn Unix are destine to
re-write it."  We're currently paying the price for all that ill-conceived
"rich content".  

Steve D...





More information about the PLUG mailing list