OpenBSD Journal

Stopping buffer overflows on Microsoft Windows XP with Service Pack 2?

Contributed by jose on from the preventing-attacks dept.

Berk D. Demir writes: "A Computer Weekly article says the feature will be available only on machines equipped with AMD's Opteron processors. As you can guess, they chose the easy way and went with the hardware support for per page exec bit. Obviously the OpenBSD Project is becoming more and more inspirational for the computer operating system world."

UPDATE: The original poster had mistakenly said this was about W^X; it's not. It's about the NX bit, which is an emerging feature on newer AMD processors. This can allow for in-hardware per-page memory protection mechanisms. Intel is not yet rolling this feature out. OpenBSD's support for the NX bit is not yet available, but should be part of the amd64 support, which is being worked on.


Comments
  1. By Ryvar () on

    I've a couple friends in MS's Windows security group (one very senior), and I've always stressed the importance of OpenBSD's x86 WorX as well as some of the finer points of PF to them (i.e. the ability to reprioritize ACK packets for higher aggregate bandwidth when simultaneously uploading and downloading). They've been interested and appreciative of what the project has accomplished for the most part, though their resentment of the installer is universal.

    Since I know this is going to come up ahead of time, let me just say: this *is* BSD, not the GPL camp. The diffusion of the key success areas (in form or in substance) of the project even - or perhaps especially - to Windows is a real victory.

    --Ryv

    Comments
    1. By Leon Yendor () on

      What does "their resentment of the installer is universal" mean?

      Comments
      1. By Anonymous Coward () on

        a.k.a. It's not graphical and they don't really understand partitioning and slicing.

        It's the usual gripe from the GUI-bound crowd - invariably you give them a few months to learn more about the system and they will sing the installer's praises.

    2. By Anonymous Coward () on

      Ummm, are you saying that MS adopted OpenBSD technology? Similar approaches existed even before OpenBSD's approach, so it is not necessarily taken from OpenBSD. (You could even read Theo's recent post to Bugtraq, which says it is not anything new...)

      Comments
      1. By Anonymous Coward () on

        Well, it wouldn't be a first that MS borrows from MS, i.e. MS SFU uses OpenBSD code (previous deadly.org article).

  2. By Anonymous Coward () on

    The article mentions that Java does not use NX, however I don't think Java even needs NX since it does bounds checking in itself.

    Comments
    1. By Anonymous Coward () on

    2. By Chad Loder () on

      The Java virtual machine is implemented in C, and it's byzantine and a mess in some places, so it could definitely benefit from per page protection at the OS level.

      On the other hand, just-in-time compilers present some interesting challenges for these kinds of protection schemes, don't they? They have to generate executable code during runtime, so I imagine you'd have to have (W and ~X) pages that become (X and ~W) once the JIT compiler is ready to use them. Anyone care to comment?

      Comments
      1. By Anthony () on

        The article discusses that. Apparently one would have to disable the feature. Apparently that wouldn't be that difficult to do.

        MS will probably add some kernel hooks to get around the problem. They need it for .NET. I mean, even on OpenBSD if you have sufficient permissions on a mount with execute permission you can write a temporary file and execute that.

      2. By Anonymous Coward () on

        Sure, the JVM is implemented in C and that part could well be W^X. I was thinking about the code compiled by the JIT.
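
The page lifecycle Chad Loder describes for a JIT, (W and ~X) while code is generated and then (X and ~W) before it runs, sketched in C with POSIX `mmap`/`mprotect`. This is an added example, not part of the original thread; `emit_return_const` and `jit_run_const` are hypothetical names, and the two-instruction encoder is a constructed stand-in for a real code generator.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for a JIT back end: emits "return value;".
 * Returns bytes written, or 0 if this sketch has no encoder for the CPU. */
static size_t emit_return_const(uint8_t *buf, uint16_t value) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t imm = value;
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &imm, 4);
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2] = { 0x52800000u | ((uint32_t)value << 5), /* mov w0, #imm16 */
                         0xD65F03C0u };                         /* ret */
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)value; return 0;
#endif
}

/* 0: ran, result in *out; 1: CPU unsupported, nothing run; -1: syscall failed. */
int jit_run_const(uint16_t value, int *out) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* Phase 1: writable, not executable (W and ~X) while code is emitted. */
    uint8_t *code = mmap(NULL, page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;
    size_t len = emit_return_const(code, value);
    int rc = 1;
    if (len != 0) {
        /* Phase 2: one mprotect() drops write and grants execute
         * (X and ~W), so the page is never both at the same time. */
        rc = mprotect(code, page, PROT_READ | PROT_EXEC) != 0 ? -1 : 0;
        if (rc == 0) {
            __builtin___clear_cache((char *)code, (char *)code + len);
            *out = ((int (*)(void))(uintptr_t)code)();
        }
    }
    munmap(code, page);
    return rc;
}

int main(void) { int v = 0; return (jit_run_const(42, &v) == 0 && v == 42) ? 0 : 1; }
```

A JIT that later patches generated code has to flip the page back to writable and non-executable before touching it, then repeat phase 2.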

  3. By Anonymous Coward () on

    OpenBSD was one of the people who implemented it first (not created). This is a kernel thing, surely Microsoft wouldn't get "inspiration" for this on OpenBSD.

    Comments
    1. By Anonymous Coward () on

      You should note that the thing is only with processors supporting the feature, not Intel yet.

  4. By Anonymous Coward () on

    they are not implementing w^x and the article does not talk about that.

    all that they are talking about is to support non-executable page mappings, which is _not_ what w^x does.

    Comments
    1. By Anonymous Coward () on

      miracle -- now it's fixed

      Comments
      1. By jose () on http://monkey.org/~jose/

        before you go and pat yourself on the back, a very polite person convinced me to fix the original submission. for better or for worse, i try not to muck with submissions too much. this is one of the times i said i wouldn't, and i wound up fixing it. but you had nothing to do with it.

        Comments
        1. By Anonymous Coward () on

          who cares -- you fixed it

    2. By PaX Team () pageexec at freemail.hu on mailto:pageexec at freemail.hu

      actually you're wrong, they are going to implement separation of writable/executable pages: http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp . as you can read it in the "Memory protection" section, they're going for non-executable stacks/heaps *by default*. couple that with proper access rights on PE file sections and you get a pretty good separation, certainly nothing worse than OpenBSD.

      Comments
      1. By Anonymous Coward () on

        that's not what the article is about
