February 03, 2003

Security through perseverance

Pretty much everyone and his dog knows the OpenBSD motto, "Secure by default". Most people haven't the faintest clue how much work it takes to live up to it.

One of the most interesting and beleaguered areas of operating systems research is "marking pages", that is to say attaching permissions to memory pages so that, for example, a page holding code is executable while a page holding data is not. Sounds familiar? It should. It is exactly the distinction a classic buffer overflow exploit abuses: the attacker writes machine code into a data buffer and then tricks the program into jumping to it. The overflow itself still happens on a system with page protection, but the injected code can no longer run. What might strike you as amazing is that more than one processor out there already ships with this per-page execute permission, except that nobody bothers to turn it on.
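To make the mechanism concrete, here is an added example that is not part of the original post nor OpenBSD's own code. It maps a fresh anonymous page, copies a tiny machine-code stub into it exactly as an exploit would drop shellcode into a buffer, and then calls into the page twice: once while it is still a read/write "data" page and once after mprotect() has marked it read/execute. A SIGSEGV or SIGBUS handler turns the processor's refusal into a return value so the two outcomes can be compared. It assumes a POSIX system with mmap()/mprotect() on x86-64 or aarch64 and a CPU/OS combination that actually enforces the execute bit; the function name run_from_page and the stub bytes are my own choices.

```c
/* Added example: per-page execute permission versus injected code.
   Assumes POSIX mmap/mprotect on x86-64 or aarch64 with NX enforcement. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__x86_64__)
/* mov eax, 42 ; ret */
static const unsigned char kStub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
#elif defined(__aarch64__)
/* mov w0, #42 ; ret */
static const unsigned char kStub[] = { 0x40, 0x05, 0x80, 0x52,
                                       0xc0, 0x03, 0x5f, 0xd6 };
#else
#error "add the return-42 stub for this architecture"
#endif

static sigjmp_buf jump_env;

/* The CPU faulted on an instruction fetch: unwind back into run_from_page. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(jump_env, 1);
}

/* Copies the stub into a fresh anonymous page ("shellcode in a buffer").
   With executable == 0 the page stays read+write, i.e. a data page;
   with executable != 0 it is remapped read+execute first.
   Returns 42 if the stub ran, -1 if the processor refused to execute
   from the page, -2 on a mapping failure. */
int run_from_page(int executable) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;

    memcpy(page, kStub, sizeof kStub);
    /* Required on aarch64 so the instruction cache sees the new bytes. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof kStub);

    if (executable && mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz);
        return -2;
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some kernels report it this way */

    int result;
    if (sigsetjmp(jump_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))(uintptr_t)page;
        result = fn();                  /* the "jump to the buffer" */
    } else {
        result = -1;                    /* fetch from a non-exec page faulted */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return result;
}

int main(void) {
    printf("data page (rw-): %d\n", run_from_page(0));   /* -1 */
    printf("code page (r-x): %d\n", run_from_page(1));   /* 42 */
    return 0;
}
```

The interesting line is the mprotect() call: the bytes in the page are identical in both runs, and the only thing that changes is the permission the operating system has attached to the page. On a processor whose page tables have no execute bit, the kernel cannot express "readable but not executable" and the first call would succeed as well, which is precisely the gap the rest of this post is about.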

Let us introduce Theo de Raadt, the founder of OpenBSD and of the OpenSSH project. He is arguably one of the most talented programmers around, and also one of the worst people to pick a fight with, or indeed to get on the wrong side of. Despite his at times difficult character, he can explain technically complicated issues with striking clarity.

In his latest "in depth" posting to the openbsd-tech mailing list he explains in detail the behind-the-scenes work in OpenBSD to make page protection possible. It represents man-years of effort, done for the pleasure of being able to raise the bar against buffer overflow attacks, and done even on architectures that the rest of the industry is abandoning (alpha, for example).

What I found immediately fascinating is the stark contrast between the "commodity processors", Intel x86 and Motorola 68k, and the "workstation class" processors. The latter carry an execute permission in their page tables, so the operating system can mark a page readable but not executable, and OpenBSD makes full use of it with the latest set of patches. On the i386 a page that can be read can also be executed, and there is no per-page way to say otherwise.

Is Intel or Motorola to blame? Of course not: these processors, in particular Intel's, were never meant to power servers. Their humble origins go all the way back to the 8080, then the 8085, the 8086 and so on. Similarly, the 68k series is an evolution of the MC6800 family (a more complete history of processors is also recommended reading!). As a matter of fact there is room for hope: as Theo notes, the new AMD 64-bit processor (code-named Hammer, the chip that shipped as the Opteron) will come with an execute bit in its page tables ("By the way, hammer will not have this problem").

Posted by arrigo at February 3, 2003 04:10 PM