security - Using a separate register to store return address?


I'm reading about how exploits work, and it seems a lot of them operate by overwriting the return address on the stack. There's been a lot of effort put into making this more difficult (stack canaries, ASLR, DEP, etc.), but it seems to me it would be easier for hardware producers to add a register, accessible to the call and ret instructions, to hold the return address. That way, the return address could not be overwritten by a buffer overflow by definition. Because call and ret would still be present and still operate as in today's CPUs (the difference being where they store the return address), it seems to me there wouldn't be many compatibility issues. And since you're using a register instead of a RAM access for the address, the performance impact would be positive (albeit insignificant).

Intel apparently has space to allocate more registers for security purposes, since MPX is being implemented despite needing 2 registers. So why don't they add a special register to store the return address?

This kinda exists. I know of 3 architectures and 1 language with features like that:

  • SPARC has what are called register windows: the CPU saves and restores registers on function call/return. By convention, the return address is stored in register o7 on a function call, and rotated to i7 when the callee establishes a stack frame. When the callee calls another function, the address is rotated away into the internal register stack, untouchable by dangerous code.
  • Knuth's MMIX has a similar design: the return address is stored directly into an inaccessible register stack on function call, which is pretty much what you want.
  • ARM and ARM64 have a link register. On a function call, the return address is stored in the link register, and a function return is an indirect jump to the address in the link register. Unfortunately, the content of the link register must be stored on the stack in nested function calls, defeating the security in all but leaf functions (i.e. functions that call no other functions).
  • The Forth programming language has a design with one stack for values and a separate stack for return addresses. Both stacks can be manipulated freely by programs, though you need to be careful when manipulating the return stack. In practice, this is implemented using one of the architecture's registers for the return stack and one for the data stack. This solves the problem you mentioned, but a sufficiently clever programmer can still mess up by allowing wrong input to smash the return stack.
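The link-register point in the answer above is easy to see in a toy model. The following C program is an added example, not part of the original question or answer and not real ARM code: it models a machine with a link register `lr` and a tiny word-addressed stack, then runs the same unchecked copy in a leaf function (which never spills `lr`) and in a non-leaf function (which must push `lr` before its own nested call). The register, buffer, and address values (`RET_ADDR`, `NESTED_RET`, `FILLER`, `BUF_WORDS`) are all constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a link-register machine (constructed for illustration, not
 * real ARM). The stack is a small word-addressed array that grows downward;
 * "call" only sets lr, so a callee that itself makes calls must spill lr. */
#define STACK_WORDS 16
#define RET_ADDR   0xCAFE0000u   /* made-up return address given to the callee */
#define NESTED_RET 0xBEEF0000u   /* made-up return address for the nested call */
#define FILLER     0x41414141u   /* constructed filler written by the bad copy */
#define BUF_WORDS  4             /* size of the local buffer in both functions */

typedef struct {
    uint32_t lr;                /* link register                            */
    uint32_t mem[STACK_WORDS];  /* stack memory                             */
    int sp;                     /* index of the top-of-stack word           */
} machine;

static void machine_init(machine *m) {
    m->lr = 0;
    m->sp = STACK_WORDS;        /* empty stack: sp points one past the end  */
    for (int i = 0; i < STACK_WORDS; i++) m->mem[i] = 0;
}

/* "call": the only thing the hardware does with the return address. */
static void call(machine *m, uint32_t ret) { m->lr = ret; }

/* Buggy copy with no length check against BUF_WORDS: more than BUF_WORDS
 * words run upward into older stack slots. The index bound only keeps the
 * toy inside its own array; it does nothing to protect a spilled lr. */
static void unchecked_copy(machine *m, int buf, int n) {
    for (int i = 0; i < n && buf + i < STACK_WORDS; i++)
        m->mem[buf + i] = FILLER;
}

/* Leaf function: lr is never written to memory, so the overflow cannot
 * reach it and "ret" still jumps to RET_ADDR. */
static uint32_t leaf_returns_to(int copy_words) {
    machine m; machine_init(&m);
    call(&m, RET_ADDR);
    m.sp -= BUF_WORDS;                 /* allocate local buffer        */
    unchecked_copy(&m, m.sp, copy_words);
    m.sp += BUF_WORDS;                 /* free buffer                  */
    return m.lr;                       /* "ret": jump to lr            */
}

/* Non-leaf function: the prologue must push lr because the nested call
 * overwrites it, and the epilogue reloads lr from that stack slot, which
 * sits right above the local buffer. */
static uint32_t nonleaf_returns_to(int copy_words) {
    machine m; machine_init(&m);
    call(&m, RET_ADDR);
    m.mem[--m.sp] = m.lr;              /* push lr                      */
    m.sp -= BUF_WORDS;                 /* allocate local buffer        */
    call(&m, NESTED_RET);              /* nested call clobbers lr      */
    unchecked_copy(&m, m.sp, copy_words);
    m.sp += BUF_WORDS;                 /* free buffer                  */
    m.lr = m.mem[m.sp++];              /* pop lr (possibly clobbered)  */
    return m.lr;                       /* "ret": jump to lr            */
}

int main(void) {
    printf("leaf, 8-word copy     -> returns to %#x\n", (unsigned)leaf_returns_to(8));
    printf("non-leaf, 4-word copy -> returns to %#x\n", (unsigned)nonleaf_returns_to(4));
    printf("non-leaf, 8-word copy -> returns to %#x\n", (unsigned)nonleaf_returns_to(8));
    return 0;
}
```

With a copy that fits the buffer both functions return to `RET_ADDR`; with an 8-word copy the leaf function still does, while the non-leaf function reloads the filler value from the slot where it had saved `lr`. That is the whole gap the answer describes: the register protects the return address only for as long as it stays in the register.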
