[Cryptography] Can crypto implement OS/FS protections ?
hbaker1 at pipeline.com
Sun Nov 20 10:42:31 EST 2022
That's an interesting datapoint, but I'm looking for a much wider scope.
For example, implementing a read-only protection on a file system, and other general protection mechanisms.
From: qua3k <qua3kr at gmail.com>
Sent: Nov 19, 2022 6:48 PM
To: <hbaker1 at pipeline.com>
Cc: <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Can crypto implement OS/FS protections ?
On 11/18/22, Henry Baker wrote:
> For example, any *return addresses* could conceivably be stored on the
> stack and cryptographically signed in such a manner that they couldn't be
> spoofed by an attacker.
> I have to believe that someone, somewhere has already thought about
> this problem.
You're right, someone already has; Crispin Cowan did the random XOR
canary back in 1999 (https://lwn.net/1999/1111/a/stackguard.html).
This later inspired PaX's RAP cookie protection and possibly OpenBSD's
RETGUARD. There are inherent problems with implementing any sort of
return address protection in software on x86 platforms because of
cross-thread write primitives...
More information about the cryptography