Software Archive

Something about IA-32 Intel Architecture Software Developer's Manual

pll
Hi all:
I am reading materials from Intel's IA-32 Intel Architecture Software Developer's Manual.
In Volume 1: Basic Architecture -> 6.2.4.2. RETURN INSTRUCTION POINTER, it is described:

"The processor does not require that the return instruction pointer point back to the calling procedure. Prior to executing the RET instruction, the return instruction pointer can be manipulated in software to point to any address in the current code segment (near return) or another code segment (far return). Performing such an operation, however, should be undertaken very cautiously, using only well defined code entry points."

Is there any circumstance in which software manipulates the return instruction pointer? At least I have never met such a case, except the overflow which is used by hackers.

So, since there are mechanisms for page protection and segment protection, why doesn't a stack protection mechanism exist?

And without this mechanism, the overflow will happen and will result in great damage, as the RPC worm did. To prevent this case, the programmer needs to do a lot of work to check the arguments, or the new compiler inserts a lot of rubbish code into the executable files.

We all know overflow happens just because the basic architecture of the chips is designed on von Neumann's theory. I have not investigated the theory. Is it unchangeable?

I am a programmer, and I am not familiar with hardware design. So this is just free talk.

Message Edited by pll on 04-29-2004 11:31 PM

2 Replies
Intel_Software_Netw1
We are forwarding your question to our engineering contacts and will let you know how they respond.
Regards,

Lexi S.

Intel Software Network Support

http://www.intel.com/software


Message Edited by intel.software.network.support on 12-02-2005 08:27 PM

Intel_Software_Netw1
Our engineering team responded as follows:
The ability to directly modify the return address can be used to enhance the efficiency of an application by eliminating unneeded branching logic that would otherwise be required in order to branch to the correct location. Restricting this ability would indeed reduce the opportunity for viruses to exploit this, but it would also force developers to change their existing programs, making them less efficient. This is a trade-off between efficiency and security. For the time being, the default mode is to allow this functionality in the name of improved efficiency.
We hope this helps.
Regards,

Lexi S.

Intel Software Network Support

http://www.intel.com/software


Message Edited by intel.software.network.support on 12-02-2005 08:28 PM
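The stack check that pll describes the compiler inserting, shown as an added example that is not part of this thread or of Intel's documentation: a C model of a stack canary placed between a local buffer and the saved return address and verified before the function returns, so that an overflow reaching the return address is detected first. The frame layout, function names, canary value and oversized input are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the compiler-inserted stack protector: a secret
 * "canary" word sits between the local buffer and the saved return
 * address, and the epilogue compares it before RET. Any copy that runs
 * past the buffer toward the return address must clobber the canary. */
#define BUF_SIZE 16
#define CANARY_VALUE 0xDEADC0DEu   /* constructed; real ones are random */

typedef struct {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t saved_return_address; /* stands in for the real slot */
} frame_t;

/* Unchecked copy, as a vulnerable function would do it. The copy is
 * clamped to the struct so the model stays well defined; on a real stack
 * it would keep going. Returns 1 if the canary survived, 0 if the
 * epilogue check would have fired (a real protector aborts here). */
int copy_and_check(const char *input, size_t len) {
    frame_t frame;
    frame.canary = CANARY_VALUE;
    frame.saved_return_address = 0x08048000u; /* constructed placeholder */
    if (len > sizeof(frame)) len = sizeof(frame);
    memcpy((unsigned char *)&frame, input, len);   /* no bounds check */
    return frame.canary == CANARY_VALUE;          /* the inserted check */
}

/* The same copy with the bounds check the programmer should write. */
int copy_bounded(const char *input, size_t len) {
    frame_t frame;
    frame.canary = CANARY_VALUE;
    frame.saved_return_address = 0x08048000u;
    if (len > BUF_SIZE) len = BUF_SIZE;           /* the missing check */
    memcpy(frame.buf, input, len);
    return frame.canary == CANARY_VALUE;
}

int main(void) {
    char input[32];
    memset(input, 'A', sizeof(input));            /* constructed input */
    printf("8 bytes, unchecked copy:  canary intact = %d\n", copy_and_check(input, 8));
    printf("24 bytes, unchecked copy: canary intact = %d\n", copy_and_check(input, 24));
    printf("24 bytes, bounded copy:   canary intact = %d\n", copy_bounded(input, 24));
    return 0;
}
```

The canary only detects an overwrite after it has happened, which is why the check runs before the return rather than preventing the write; the bounded copy is the fix, the canary is the safety net.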
