[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Alternative network stack design (was: Re: Potential use case for op

From: Marcus Brinkmann
Subject: Re: Alternative network stack design (was: Re: Potential use case for opaque space bank: domain factored network stack
Date: Sat, 06 Jan 2007 20:38:57 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Sat, 6 Jan 2007 19:51:01 +0100,
Pierre THIERRY <address@hidden> wrote:
> [1  <multipart/signed (7bit)>]
> [1.1  <text/plain; us-ascii (quoted-printable)>]
> Scribit Marcus Brinkmann dies 06/01/2007 hora 19:20:
> > Consider a web browser which I want to debug or monitor, for example
> > using intrusion detection techniques.  If the malicious code can hide
> > in opaque memory, this fails.
> Obviously, as I have authority on the memory used by the browser, if he
> can read/execute it, I can also. If it hands that memory to another
> process while losing read access to it, I won't be able to read it
> neither, but the browser cannot execute code in the opaque region.
> So you still can give the browser a space bank able to opacify and
> monitor it's code.

That only works if you assume that only certain privileged processes
(like the network server) can allocate opaque memory from a
non-transparent spacebank.  This is essentially what I described.

Or do you have something else in mind?  What prevents in your idea the
browser from simply allocating opaque memory?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]