NYCPHP Meetup

NYPHP.org

[nycphp-talk] Servers may soon be less vulnerable to exploits?

DeWitt, Michael mjdewitt at alexcommgrp.com
Wed Nov 17 17:10:23 EST 2004


I just ran across mentions of AMD and Intel's implemention of some
protection from buffer overflow attacks:

>From CNET

The security technology, called NX for "no execute," is built into several
"x86" processors from Intel, AMD and Transmeta. The technology is designed
to block vulnerabilities that viruses and worms use to spread, but operating
system support is required for NX to work.

http://ecoustics-cnet.com.com/Linux+gets+trial+'NX'+security+support/2100-73
44_3-5227102.html


More on it here:

http://www.anandtech.com/cpuchipsets/showdoc.aspx?i=2239

seems like it isn't perfect yet...


from Anandtech:

This is not to say that NX protection is not a step in the right direction.
In fact, NX/XD is a good first step to locking down the x86 architecture, as
long as it's adopted correctly. OpenBSD and the Execshield projects have
made the largest progress with implementing non-executable writable pages
and other features, if only in software. However, NX does not completely
eliminate buffer overflow exploits, and thus far it has only caused more
problems than it has solved with Windows SP2.

Mike



More information about the talk mailing list