Palladium and buffer overruns

Frank Andrew Stevenson frank at funcom.com
Thu Aug 29 04:58:04 EDT 2002


What is there to prevent one single undisclosed buffer overrun bug in 
a component such as Internet Explorer from shooting down the whole DRM 
scheme of Palladium? Presumably IE will be able to run while the machine 
is in a trusted state, but if IE can be subverted by injecting 
compromising code through a buffer overrun, the security of DRM material 
that is viewed in one window could be compromised through malicious code 
that has been introduced through another browser window.

The OS should change all memory pages to Read Only + Executable after it 
has checked the signature of an application, and the CPU could trigger an 
exception if code is executed in a page that isn't tagged as Executable. 
However, Windows and Intel CPUs don't work this way... Count the number of 
buffer overruns already found in IE; it seems very likely that an attacker 
would be able to discover a new one without disclosing it...

  frank

-- 
This sentence is unique in this respect; it can safely
be attributed to my employer, Funcom Oslo AS.
There is no place like N59 50.558' E010 50.870'. (WGS84)
I enjoy coffee, and support cafe: http://www.eff.org/cafe/
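As an added illustration of the page-protection idea in the second paragraph (example code, not from the original post or from Palladium): this C probe maps a page, locks it down with mprotect as a loader would after a signature check, and reports whether a later write faults, catching the SIGSEGV so the process survives. Linux/POSIX mmap, mprotect and sigaction are assumed; the byte values written are constructed placeholders.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

/* SIGSEGV handler: jump back into the probe instead of crashing. */
static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Returns 1 if a one-byte write to a page protected with `prot` faults,
 * 0 if the write succeeds, -1 if the mapping could not be set up. */
int write_faults_with_prot(int prot) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    /* Map writable first so the page has contents, as a loader would. */
    volatile unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 0x00;      /* constructed placeholder byte, never executed */
    /* "Signature checked": lock the page down to the requested protection. */
    if (mprotect((void *)page, pagesz, prot) != 0) {
        munmap((void *)page, pagesz);
        return -1;
    }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sa.sa_flags = SA_NODEFER;        /* handler may be re-entered after the longjmp */
    sigaction(SIGSEGV, &sa, &old);

    int faulted;
    if (sigsetjmp(fault_env, 1) == 0) {
        page[0] = 0x01;              /* the probe write */
        faulted = 0;                 /* reached only if the write went through */
    } else {
        faulted = 1;                 /* came back here via on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);  /* restore the previous handler */
    munmap((void *)page, pagesz);
    return faulted;
}
```

With PROT_READ | PROT_EXEC the write faults, which is the read-only + executable state Frank describes; with PROT_READ | PROT_WRITE it goes through, which is the state an overrun needs.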


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
